Subject: crypt encoding uses colon
Date: Tue, 2 Dec 2014 17:20:28 +0000
To: bug-Crypt-PBKDF2 [...] rt.cpan.org
From: Zefram <zefram [...] fysh.org>

Crypt::PBKDF2's `crypt-like' encoding of password recognition parameters
includes colon characters as subfield delimiters. This means that the
string could never appear in the password field of /etc/passwd or related
files, because they use colon as their field delimiter. This encoding
thus can't be used in anything that similarly uses colon delimiters for
crypt-encoded password fields. The encoding is therefore quite unlike
crypt in this rather important respect.

I suggest that the encoding should be changed to use some other character
as the subfield delimiter. Dollar, already used as a subfield delimiter,
would be totally appropriate: there's no general rule about the use of
dollar signs after the format prefix. Any ASCII graphical character
that's neither a base64 digit nor colon could be used. Obviously,
on input the module should continue to accept the colon-using encoding.
-zefram
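
The collision described in the report, as an added example that is not part of the original message or of Crypt::PBKDF2: a colon-delimited parameter string is cut apart by a passwd-style field split, while a dollar-delimited form survives and a reader that accepts both delimiters stays backward compatible. The `$PBKDF2$algorithm:iterations:salt$hash` layout, the sample values and all function names are assumptions constructed for illustration.

```python
import re

PREFIX = "$PBKDF2$"
# Constructed sample values (not real PBKDF2 output). The subfield layout
# algorithm:iterations:salt followed by $hash is an assumption for illustration.
SALT, DIGEST = "c2FsdHNhbHQ=", "3q2+7wECAwQFBgcICQoLDA0ODxA="
COLON_FORM = PREFIX + "HMACSHA1:1000:" + SALT + "$" + DIGEST
DOLLAR_FORM = PREFIX + "HMACSHA1$1000$" + SALT + "$" + DIGEST


def passwd_password_field(line):
    """Split a passwd(5)-style line the way its consumers do: on every colon.
    Returns (second field, total field count); a valid line has 7 fields."""
    fields = line.rstrip("\n").split(":")
    return fields[1], len(fields)


def parse(encoded):
    """Accept both the colon-delimited and the dollar-delimited form.
    Neither delimiter is a base64 digit, so splitting on either is unambiguous
    (assuming the algorithm name contains neither)."""
    if not encoded.startswith(PREFIX):
        raise ValueError("missing $PBKDF2$ prefix")
    parts = re.split(r"[:$]", encoded[len(PREFIX):])
    if len(parts) != 4 or not parts[1].isdigit():
        raise ValueError("malformed parameter string")
    algo, iterations, salt, digest = parts
    return algo, int(iterations), salt, digest


def encode_dollar(algo, iterations, salt, digest):
    """Emit the colon-free form proposed in the report."""
    return PREFIX + "$".join([algo, str(iterations), salt, digest])


def passwd_line(user, pwfield):
    """Build a constructed 7-field passwd-style line around a password field."""
    return ":".join([user, pwfield, "1000", "1000", "", "/home/" + user, "/bin/sh"])


if __name__ == "__main__":
    for form in (COLON_FORM, DOLLAR_FORM):
        field, count = passwd_password_field(passwd_line("alice", form))
        print(count, "fields; password field =", field)
    print(encode_dollar(*parse(COLON_FORM)) == DOLLAR_FORM)
```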