Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses
 
PerlMonks  

Re^2: Password Encryption and Decryption

by jose_m (Acolyte)
on Mar 25, 2012 at 22:22 UTC ( #961550=note: print w/ replies, xml ) Need Help??


in reply to Re: Password Encryption and Decryption
in thread Password Encryption and Decryption

use a password file and cat that file to get the password when you need it. i agree with everyone here encrypting and decrypting is futile since an attacker can just run your decrypter and get the file.


Comment on Re^2: Password Encryption and Decryption
Re^3: Password Encryption and Decryption
by grantm (Parson) on Mar 26, 2012 at 01:08 UTC
    i agree with everyone here encrypting and decrypting is futile

    Fair enough, 'everyone' is saying don't encrypt/decrypt passwords. That might lead someone to the (incorrect) conclusion that 'everyone' thinks passwords should just be stored in plain text.

    What 'everyone' was failing to say is that the correct approach is to stored hashed passwords rather than encrypted passwords.

      No, noone is failing to say that. Everyone but you is realizing that storing a hashed password isn't going to solve the OPs problem.

      Here's an example how hashed passwords are utterly useless: You have an application that needs access to a database. Access is password controlled. I give you the hashed password, and tell you to write a script to retrieve a piece of data from the database. Now, what's your plan? How do you intend to use this hashed password?

      Hashed passwords are great if your purpose is to check whether a given password is valid. However, the point of hashing passwords is to make retrieving them impractical. Which means that if you need the plain text password, hashed passwords are not the answer.

        Hashed passwords are great if your purpose is to check whether a given password is valid.

        Which is what I understand the original requirements to be. They are a bit unclear - I interpreted them as needing to check a password, you interpreted them as needing a password in clear text (perhaps to pass to a DB or something else).

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://961550]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others rifling through the Monastery: (13)
As of 2014-11-24 14:02 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My preferred Perl binaries come from:














    Results (141 votes), past polls