[Pgsql-ayuda] =?iso-8859-1?Q?RE:_=5BPgsql-ayuda=5D_contrase=F1as?=

[Gunnar Wolf]

> Usa este scrip en Per que genera passwords tipo del archivo de /etc/passw=
d
>
> el archivo lo llame "passgen" y lo uso para generar usuarios para el cvs.=
=2E.
>
> ----------------------
> #!/usr/bin/perl
> srand (time());

No es necesario hacer esto... De hecho, es poco recomendable, ya que le
pones un valor bastante predecible a tu random seed. Cito un par de
p=E1rrafos de perldoc -f srand:


               In fact, it's usually not necessary to call
               "srand" at all, because if it is not called
               explicitly, it is called implicitly at the first
               use of the "rand" operator.  However, this was not
               the case in version of Perl before 5.004, so if
               your script will run under older Perl versions, it
               should call "srand".

               Note that you need something much more random than
               the default seed for cryptographic purposes.
               Checksumming the compressed output of one or more
               rapidly changing operating system status programs
               is the usual method.  For example:

                   srand (time ^ $$ ^ unpack "%L*", `ps axww | gzip`);

               If you're particularly concerned with this, see
               the "Math::TrulyRandom" module in CPAN.
(...)
               Frequently called programs (like CGI scripts) that
               simply use

                   time ^ $$

               for a seed can fall prey to the mathematical prop-
               erty that

                   a^b =3D=3D (a+1)^(b+1)

               one-third of the time.  So don't do that.

> my $randletter =3D "(int (rand (26)) + (int (rand (1) + .5) % 2 ? 65 :97)=
)";
> my $salt =3D sprintf("%c%c", eval $randletter, eval $randletter);
> my $plaintext =3D shift;
> my $crypttext =3D crypt ($plaintext, $salt);
> print "${crypttext}\n";
> ----------------------
> le pasas el password entre comillas y te genera un criptograma que no se
> repite
>  del mismo. vg:
>
> ./passgen "pelotas"
> vbGqSV2otBm8E

Prefiero esta versi=F3n - m=E1s corta, eficiente y clara:

#!/usr/bin/perl -w
use strict;
my $plaintext=3Dshift;
my $crypttext =3D crypt($plaintext,join('', ('.', '/', 0..9, 'A'..'Z', 'a'.=
=2E'z')[rand 64, rand 64]));
print "$crypttext\n";

Sal=FAs!

--=20
Gunnar Wolf - gwolf@campus.iztacala.unam.mx - (+52-55)5623-1118
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973  F800 D80E F35A 8BB5 27AF