in reply to Keeping a password safe.
Here's an interactive script that uses
Term::ReadPassword and
Digest::MD5. This is just to give you an idea of what to do.
It creates a 128-bit message digest of the inputted
password.
#!/usr/bin/perl -T BEGIN { $| = 1; $ENV{'USE_STARS'} = 1; } use autodie; use strict qw/refs subs vars/; use warnings FATAL => 'all'; use Term::ReadPassword; use Digest::MD5 qw(md5_base64); if ( $ENV{'AUTOMATED_TESTING'} ) { print "Automated testing detected"; exit; } $Term::ReadPassword::USE_STARS = 1; local (*TTYOUT); my ( $in, $out ) = Term::ReadLine->findConsole; die "No console available: $!" unless $out; if ( open TTYOUT, '>>', $out ) { print "Opened TTYOUT: "; } else { die "Couldn't re-open STDOUT" unless open TTYOUT, '>>', &STDOUT; } select( ( select(TTYOUT), $| = 1 )[0] ); INTERACTIVE: { my $secrect = ''; my $new_pw = ''; { print TTYOUT "\n\tThis is a 'fake' password test\n\n"; my $new_fakepw = read_password("Enter your 'fake' new password +: \n"); if ( not defined $new_pw ) { print TTYOUT "\tNo password entered\n"; next INTERACTIVE; } else { my $secret = $new_pw; print TTYOUT "\t Your 'fake' password is now changed \n"; } } my $salts = " abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 + . /"; my $password = $new_pw; my $key = "justakey"; my $s1 = rand(64); my $s2 = rand(64); my $salt = substr( $salts, $s1, 1 ) . substr( $salts, $s2, 1 ); my $encrypted_password = $salt . md5_base64("$salt/$password / $ke +y "); #To verify this password, we would use: use Digest::MD5 qw(md5_base64); $salts = " abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 + . /"; my $entered_password = $password; $key = "justakey"; $salt = substr( $encrypted_password, 0, 2 ); my $pw2 = $salt . md5_base64("$salt/$entered_password / $key "); if ( $encrypted_password eq $pw2 ) { print "\nApplying digest...\n"; print "\t Passwords match\n "; } } close TTYOUT;
In Section
Seekers of Perl Wisdom