|Think about Loose Coupling|
Ecrypting passwordsby SavannahLion (Pilgrim)
|on Oct 05, 2003 at 22:01 UTC||Need Help??|
SavannahLion has asked for the
wisdom of the Perl Monks concerning the following question:
There's been a discussion in my group about encrypting the passwords of people who log into the site. Similar to the one way encryption of Linux passwords.
Right now, the site stores the passwords in a seperate directory from the perl script to avoid the chance that someone may figure out how to read the directory contents. The password directory isn't readable by anyone except the running script.
We plan on shifting the site from a flat file storage scheme to a MySQL DB and will likely store the passwords in this database. At that point should we even store the passwords in this DB and if so, how do I encrypt it via Perl? I've thought about using MD5 or CRC32, but the passwords are likely to be very short, anywhere from 8 to perhaps 24 or so characters and I don't know if those two checks would be fine or not.
I did a search for password hashes, but naturally, hash has a different meaning in Perl and the results were not what I needed :( What should I be looking for out there? Is it fair to stick a link to my site here?
Thanks for you patience.