Perl crypt Function

The crypt function is used to store passwords or other sensitive data using ASCII characters as encrypted strings.

The syntax form of the Perl crypt function is as follows:

$encryptedString = crypt $string, $salt
As you can see, this function has two arguments:
  • $string which is the string to be encrypted
  • $salt that is used to select an encrypted version from many variations
It returns the encrypted string.

Using the DES encryption method, the salt variable could be any two characters from the set:

{ '.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z }.

This set of characters is just a recommendation, you can include more characters here. The salt is stored in the encrypted string as the first two characters for later comparisons. Small changes in the $string or $salt will result in large changes in the resulting encrypted string.

Please note that you need to use the same salt for the stored encrypted string and for the string you want to check.

Let’s see an example here:

use strict;
use warnings;
# initialze the string to be encrypted
my $psw = '1qazpoiu^^';
my $salt = 'ab';
# crypt and store the encrypted string in a variable
my $encryptedPsw = crypt $psw, $salt;
# print the encrypted password
print "$encryptedPsw\n";
# it displays: abzmCVGjNHc3M
# please note the presence of the salt at the
# begining of the encrypted string
# read a password from STDIN
print "Your password:";
chomp (my $readPsw = <STDIN>);
if($encryptedPsw eq crypt ($readPsw, $encryptedPsw)) {
  print "Password OK\n";
} else {
  print "Password NOK\n";
Here’s an example of output:

Your password:1qazpoiu^^
Password OK

Please note that for checking the password read from STDIN we used as salt the stored encrypted password because this string begins with the first two characters of the initial salt.

It’s a good practice to use random characters for the salt as shown in the following example:

use strict;
use warnings;
sub encryptingPsw {
  my $psw = shift;
  my $count = shift;
  my @salt = ('.', '/', 'a'..'z', 'A'..'Z', '0'..'9'); 
  my $salt = "";
  $salt.= $salt[rand(63)] foreach(1..$count);
  print "\$salt = $salt\n";
  crypt($psw, $salt);
my $encryptedPsw = &encryptingPsw('ab#$cd', 4);
print "$encryptedPsw\n";
Here’s an example of output:
    $salt = dBli
The code begins with the body of the encryptingPsw subroutine. This subroutine has two arguments:
  • the password to be encrypted
  • the number of characters of the salt string

The characters of the $salt string are selected using the rand function and are concatenating using the . operator. At the end of the subroutine the $salt is printed and the Perl crypt function is called to encrypt the input password with the random salt.

You don’t need to use the return function explicitly because the subroutine will return by default the result of the last executed statement – in our case the encrypted password returned by the Perl crypt function.

If you look at the output you can notice that only the first two characters from the salt are present at the beginning of the encrypted string, because only the first two characters from salt are used in this implementation of the Perl crypt function. But if for other implementation of the Perl crypt function more than two characters will be used, the previous example subroutine will work for you.

The next example is for a Unix/Linux platform and assures that whoever runs this program knows his password:

use strict;
use warnings;
# get the user password
my $pwd = (getpwuid($<))[1];
system "stty -echo";
print "Password: ";
chomp(my $word = <STDIN>);
print "\n";
system "stty echo";
if (crypt($word, $pwd) ne $pwd) {
   die "Sorry wrong password\n";
} else {
   print "ok, correct password\n";
This script begins with the assigning of the user current password into the $pwd scalar variable, by using the getpwuid routine. This routine has as argument the UID that is a unique positive integer assigned by a Unix/Linux operating system to each user.
In Perl language the $< special variable means the real UID of a process. The getpwuid routine returns a list as follows:

($name, $passwd, $uid, $gid, $quota, $comment, $gcos, $dir, $shell, $expire)

where the password element has the index 1. So (getpwuid($<))[1] will return the password of the current user.

The system function is used to put first the terminal into 'no echo' mode then just read the password normally. After reading the password, the terminal will be put back in the 'echo' mode.

Finally, the Perl crypt function will be used to check up if the password typed by the user is correct. (Unix / Linux servers use DES in order to encrypt the passwords).