[Linux] Re: PERL SCRIPT WRITING

Stuart D. Gathman stuart at bmsi.com
Tue Jul 6 12:54:27 EDT 2004 

On Sun, 4 Jul 2004, Ronda Pierce wrote:

> maybe in the near future ).  I use Rational's config./changemangement tools
> ClearCase and ClearQuest.  I need to create triggers for this new project
> thus t!  he Perl scripts.  I will look into the Python.  I believe I will
> have the flexibility to choose.  If not I will have to use the Perl.  Do you
> think Python will be a good beginners script and not a waste of time if I
> have to learn Perl but a help?

The functionality is very similar between Perl and Python.  In fact, there
is a project to make them use the same virtual machine.  However, Perl
emphasizes lots of special operators, and tempts programmers to cram
as much code into a line as possible.  Here is a Perl program to 
encode a message using RSA public key encryption:

#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)

More realistically :-), here is a well written Perl function to
verify a cryptographic hash signature:

sub hash_verify {
        my ($self, $hash, @args) = @_;
        return undef unless length $hash >= $self->{HashMin};
        my @secret = $self->get_secret;
        croak "Cannot verify a cryptographic MAC without a secret"
                                        unless @secret;
        my @valid = ();
        foreach my $secret (@secret) {
                my $hmac = new Digest::HMAC_SHA1($secret);
                foreach (@args) {
                        $hmac->add(lc $_);
                }
                my $valid = substr($hmac->b64digest, 0, length($hash));
                # We test all case sensitive matches before case insensitive
                # matches. While the risk of a case insensitive collision is
                # quite low, we might as well be careful.
                return 1 if $valid eq $hash;
                push(@valid, $valid);   # Lowercase it later.
        }
        $hash = lc($hash);
        foreach (@valid) {
                if ($hash eq lc($_)) {
                        warn "SRS: Case insensitive hash match detected. " .
                                "Someone smashed case in the local-part.";
                        return 1;
                }
        }
        return undef;
}

And here is the same function translated to Python:

  def hash_verify(self,hash,*data):
    if len(hash) < self.hashmin: return False
    secret = self.get_secret()
    assert secret, "Cannot create a cryptographic MAC without a secret"
    hashes = []
    for s in secret:
      h = hmac.new(s,'',sha)
      for i in data:
        h.update(i.lower())
      valid = base64.encodestring(h.digest())[:len(hash)]
      # We test all case sensitive matches before case insensitive
      # matches. While the risk of a case insensitive collision is
      # quite low, we might as well be careful.
      if valid == hash: return True
      hashes.append(valid)      # lowercase it later
    hash = hash.lower()
    for h in hashes:
      if hash == h.lower():
        self.warn("""SRS: Case insensitive hash match detected.
Someone smashed case in the local-part.""")
        return True
    return False;

-- 
	      Stuart D. Gathman <stuart at bmsi.com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

More information about the Linux mailing list