Beefy Boxes and Bandwidth Generously Provided by pair Networks
good chemistry is complicated,
and a little bit messy -LW

Re: Password Encryption

by derby (Abbot)
on Aug 20, 2002 at 08:17 UTC ( #191408=note: print w/replies, xml ) Need Help??

in reply to Password Encryption

For storing passwords, you really don't want encryption, you want a one-way hash function such as crypt. This allows you to safely "encrypt" (one-way hash) a word but you can never really decrypt. In order to check if the password is valid, you would run the entered password through the one-way hash function and compare that value with the stored value. The unicode req really throws a wrench into things, I'm not sure if crypt will handle that. There are other one-way hash modules on cpan such as MD5 and SHA that may also be helpful.


Replies are listed 'Best First'.
Re: Re: Password Encryption
by ichimunki (Priest) on Aug 20, 2002 at 14:25 UTC

    Although I like the approach of using hashes to protect passwords, this system does have a major drawback in that the passwords are not recoverable. In some cases this is unacceptable since it means options like, "email me my password" are not available. Since the poster specified the ability to "decrypt" the password, either they are unclear on what their requirements truly are, or a one-way function is not a solution in this case.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://191408]
and the radiator hisses contentedly...

How do I use this? | Other CB clients
Other Users?
Others romping around the Monastery: (5)
As of 2018-04-20 19:31 GMT
Find Nodes?
    Voting Booth?