Hi.
Just in case someone else steps on this too.
perl -le 'print crypt("password", "salt")' is the root cause of a situation where you can input any random sequence after entering a valid password. Like, imagine you have a password "mys3cr3t", and you generated a hash using the perl one-liner above. This way, any of the following passwords (and similar ones in general) will be valid:
mys3cr3t
mys3cr3t11
mys3cr3tkwdhekcgejhcdg
mys3cr3t8776e3df3uyd386dt7d6t
So - use apr1, this is more secure.
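
Added example, not part of the original post: traditional DES crypt, which a two-character salt such as "salt" selects, uses only the first 8 characters of the password, and "mys3cr3t" is exactly 8 characters long. The sketch below flags such hashes, assuming they are stored in an htpasswd-style `user:hash` file; the file content, user names and hash strings are constructed for illustration.

```python
import re

# Constructed sample (assumption): htpasswd-style "user:hash" lines.
# The hash strings are placeholders with the right shape, not real hashes.
SAMPLE = """\
alice:sa0123456789A
bob:$apr1$examples$0123456789abcdefghijk.
carol:$2y$05$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZ01234
dave:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=
"""

# Traditional DES crypt output: 2 salt chars + 11 hash chars, no prefix.
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")

def scheme(hash_field):
    """Classify one hash field by its prefix or shape."""
    if hash_field.startswith("$apr1$"):
        return "apr1"
    if hash_field.startswith(("$2y$", "$2a$", "$2b$")):
        return "bcrypt"
    if hash_field.startswith(("$5$", "$6$")):
        return "sha-crypt"
    if hash_field.startswith("{SHA}"):
        return "sha1-unsalted"
    if DES_CRYPT.match(hash_field):
        return "des-crypt"
    return "unknown"

def audit(text):
    """Return [(user, scheme, truncates_at_8)] for each entry in the text."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if ":" not in line:
            continue  # blank or malformed line
        user, rest = line.split(":", 1)
        hash_field = rest.split(":", 1)[0]  # ignore any trailing fields
        kind = scheme(hash_field)
        # DES crypt ignores everything after the 8th password character.
        findings.append((user, kind, kind == "des-crypt"))
    return findings

if __name__ == "__main__":
    for user, kind, truncates in audit(SAMPLE):
        note = "truncates at 8 chars, rehash" if truncates else "no 8-char truncation"
        print(f"{user}: {kind} ({note})")
```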