http://www.perlmonks.org?node_id=961567


in reply to Re^2: Password Encryption and Decryption
in thread Password Encryption and Decryption

i agree with everyone here encrypting and decrypting is futile

Fair enough, 'everyone' is saying don't encrypt/decrypt passwords. That might lead someone to the (incorrect) conclusion that 'everyone' thinks passwords should just be stored in plain text.

What 'everyone' was failing to say is that the correct approach is to stored hashed passwords rather than encrypted passwords.

Replies are listed 'Best First'.
Re^4: Password Encryption and Decryption
by JavaFan (Canon) on Mar 26, 2012 at 08:55 UTC
    No, noone is failing to say that. Everyone but you is realizing that storing a hashed password isn't going to solve the OPs problem.

    Here's an example how hashed passwords are utterly useless: You have an application that needs access to a database. Access is password controlled. I give you the hashed password, and tell you to write a script to retrieve a piece of data from the database. Now, what's your plan? How do you intend to use this hashed password?

    Hashed passwords are great if your purpose is to check whether a given password is valid. However, the point of hashing passwords is to make retrieving them impractical. Which means that if you need the plain text password, hashed passwords are not the answer.

      Hashed passwords are great if your purpose is to check whether a given password is valid.

      Which is what I understand the original requirements to be. They are a bit unclear - I interpreted them as needing to check a password, you interpreted them as needing a password in clear text (perhaps to pass to a DB or something else).