
Situation in Perl:

$password = 'admin';
$newchal = 'hnfdfhj238478wdehf';

$password2 = unpack "H32", ($password ^ $newchal);

This is very important because I'm sending this password to a RADIUS server that needs the right encoding. The method above is from a standard script.

Now in PHP I tried:

$password2 = unpack("H32", $password.''.$newchal);

I compared the output, but it's different. I can't figure out what the '^' means in Perl. Can anyone help me out?

Flimzy
Tycho
  • possible duplicate of [Reference - What does this symbol mean in PHP?](http://stackoverflow.com/questions/3737139/reference-what-does-this-symbol-mean-in-php) – John Conde Sep 24 '13 at 13:49

1 Answer


The ^ is the bitwise XOR (exclusive-or) operator in C-derived languages, including Perl and PHP.

For further information, read the docs for PHP and Perl.

An XOR operation is true when exactly one of the two operands is true. The truth table is:

0 ^ 0 == 0
0 ^ 1 == 1
1 ^ 0 == 1
1 ^ 1 == 0

When the bitwise XOR is used on strings, then each bit of the binary representation is XORed together.

E.g. a is ASCII 0x61, and h is ASCII 0x68. XORed together, they produce a tab:

a  (61): 01100001
h  (68): 01101000
\t (09): 00001001

Bitwise XORs are sometimes used for reversible “encryption”, but this trick is widely known, and quite unsafe. E.g. in your example, passwords with a greater length than the key are not fully XORed, so parts of the plaintext stay visible. If the same key is shared for multiple passwords, cracking is extremely cheap. Such “encryptions” are also highly vulnerable to e.g. plaintext attacks. To store passwords, more sophisticated hashing algorithms should be used. There are special password hashing algorithms like bcrypt or PBKDF2.

amon
  • Thanks for the help. But the solution was changing the H32 to H* in PHP – Tycho Sep 24 '13 at 14:19
  • @Tycho: that can't be the whole solution to your examples. `$password ^ $newchal` is very different to `$password.''.$newchal` in PHP _AND_ in Perl – cypherabe Sep 24 '13 at 15:13
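
An added example, not part of the original question, answer or comments: a PHP port of the Perl line `unpack "H32", ($password ^ $newchal)`. It accounts for the one place the two languages differ on string XOR: Perl treats the shorter operand as padded with NUL bytes, while PHP truncates the result to the shorter operand. The helper names `perl_string_xor` and `perl_unpack_h32` are hypothetical.

```php
<?php
// Added example, not from the original thread.
// perl_string_xor() and perl_unpack_h32() are hypothetical helper names.

/**
 * Emulate Perl's string XOR. Perl acts as though the shorter operand had
 * extra zero bits on the right, so the result is as long as the LONGER
 * string. PHP's native string ^ stops at the SHORTER string instead.
 */
function perl_string_xor(string $a, string $b): string
{
    $len = max(strlen($a), strlen($b));
    // Pad both sides with NUL bytes so PHP's ^ sees equal-length strings.
    return str_pad($a, $len, "\0") ^ str_pad($b, $len, "\0");
}

/**
 * Emulate Perl's unpack "H32": hex digits, high nibble first, at most
 * 32 digits (16 bytes). Shorter input simply yields fewer digits.
 */
function perl_unpack_h32(string $bytes): string
{
    return substr(bin2hex($bytes), 0, 32);
}

// Values from the question.
$password = 'admin';
$newchal  = 'hnfdfhj238478wdehf';

// Native PHP XOR: only strlen($password) bytes come back.
$native = bin2hex($password ^ $newchal);

// Perl-compatible result: 16 bytes, the first 5 XORed, the rest being
// the challenge bytes XORed with NUL (that is, passed through unchanged).
$ported = perl_unpack_h32(perl_string_xor($password, $newchal));

echo "PHP ^ only : ", $native, " (", strlen($native), " hex digits)\n";
echo "Perl-style : ", $ported, " (", strlen($ported), " hex digits)\n";
```

The bytes past the shorter operand come out unmodified, which is the "parts of the plaintext stay visible" effect described in the answer when the password is the longer of the two strings.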