Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw
 
PerlMonks  

Re: Password Encryption

by derby (Abbot)
on Aug 20, 2002 at 08:17 UTC ( #191408=note: print w/ replies, xml ) Need Help??


in reply to Password Encryption

For storing passwords, you really don't want encryption, you want a one-way hash function such as crypt. This allows you to safely "encrypt" (one-way hash) a word but you can never really decrypt. In order to check if the password is valid, you would run the entered password through the one-way hash function and compare that value with the stored value. The unicode req really throws a wrench into things, I'm not sure if crypt will handle that. There are other one-way hash modules on cpan such as MD5 and SHA that may also be helpful.

-derby


Comment on Re: Password Encryption
Re: Re: Password Encryption
by ichimunki (Priest) on Aug 20, 2002 at 14:25 UTC

    Although I like the approach of using hashes to protect passwords, this system does have a major drawback in that the passwords are not recoverable. In some cases this is unacceptable since it means options like, "email me my password" are not available. Since the poster specified the ability to "decrypt" the password, either they are unclear on what their requirements truly are, or a one-way function is not a solution in this case.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://191408]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others pondering the Monastery: (10)
As of 2014-12-27 18:30 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (177 votes), past polls