encryption in perl

by rashlin (Novice)
on Jun 06, 2012 at 06:41 UTC (id://974651, perlquestion)

rashlin has asked for the wisdom of the Perl Monks concerning the following question:

I am trying to use encryption in Perl to encrypt a number of passwords; the current encryption method that was decided to try is AES.

We found 3 known perl modules which implement AES encryption: Crypt::Rijndael, Crypt::Rijndael_pp and Crypt::OpenSSL::AES.

My question is:

The CPAN page for Crypt::OpenSSL::AES claims that Crypt::Rijndael is not working properly on 64-bit x86 machines while in another site I found a reference that Crypt::Rijndael_pp is preferred (http://redgoose.ca/blog/aes256-encryption-with-perl-and-oracle). Do you know which of them is the best for this purpose?

Replies are listed 'Best First'.
Re: encryption in perl
by davido (Cardinal) on Jun 06, 2012 at 07:01 UTC

    The CPAN Testers Matrix for Crypt::OpenSSL::AES doesn't look good for Windows platforms, but looking at the individual PASS/FAIL reports I see plenty of x86 64-bit PASSes, as well as some FAILs on a variety of platforms. It's an XS module, so it's not surprising that a few FAILs turn up; it's hard, as an XS author, to assure that installation will go well for everyone, considering the diversity of configurations found out there in the wild.

    Crypt::Rijndael_pp seems to have a much cleaner CPAN Testers Matrix, which includes Windows, and no FAILs. One would expect that, as well as somewhat slower performance, of a "pure Perl" module.

    Crypt::Rijndael (sans _pp) has done extremely well with the smoke testers, especially considering it's an XS based module. I'd put my eggs in that basket if I needed a reversible AES encryption. It's going to be efficient, and well written (look at the current maintainer).

    You mentioned you're encrypting passwords. Are you encrypting for reversibility, or would an irreversible digest work for you? If a digest is all that's needed, the Authen::Passphrase module and some of the modules that subclass it are good choices.


    Dave

Re: encryption in perl
by Anonymous Monk on Jun 06, 2012 at 07:21 UTC
    Crypt::OpenSSL::AES hasn't been updated since 2007, so that statement is no longer valid. Check the RT tracker from Crypt::Rijndael and you can see that 64-bit support was added in 2007.

      Thank you all for your answers, we will try our luck with Crypt::Rijndael. Digest::Bcrypt also seems like a nice option.

      Thank you again for your help.

Re: encryption in perl
by derby (Abbot) on Jun 06, 2012 at 11:34 UTC

    Well ... if by encrypt, you mean one-way hash (no way to decrypt), then Digest::Bcrypt or Digest::SHA (but not the SHA1 part -- that's been proven breakable) is the way to go. The 2011 Dancer advent calendar had a nice write-up.

    -derby
Re: encryption in perl
by radiantmatrix (Parson) on Jun 06, 2012 at 20:28 UTC

    Please make sure you examine why you're encrypting passwords. If you're storing passwords your app must use to log in to another service, OK. If these are passwords that people or applications will use to authenticate to you, you should be using a salted one-way hash (see this article for a nice overview).

    Basically, you want to use something like Math::Random::Secure to generate a secure "salt", add that salt to the password, then hash the whole thing with Crypt::Eksblowfish::Bcrypt or the sha512 methods from Digest::SHA. Don't forget to store the salt, too, or you'll have trouble on check.

    When you check the user's password input, you retrieve the salt and the hash, hash the salt with the provided password, and compare the hash you just generated to the one you stored. If they match, the user provided the right password.

    <radiant.matrix>
    Ramblings and references
    “A positive attitude may not solve all your problems, but it will annoy enough people to make it worth the effort.” — Herm Albright
    I haven't found a problem yet that can't be solved by a well-placed trebuchet
      Thanks for your responses. I need to be able to decrypt it; the password is needed to connect to an external application.
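
The salt, hash, store and check procedure radiantmatrix describes above, as an added Perl example that is not code from the thread or from the modules' authors. It assumes bcrypt via Crypt::Eksblowfish::Bcrypt with a work factor of 10 and a hex-encoded stored record; the helper names (`hash_password`, `check_password`, `_bcrypt`, `_same`) and the sample passwords are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: salted one-way password hashing and checking with bcrypt.
use strict;
use warnings;
use Encode qw(encode);
use Math::Random::Secure qw(irand);
use Crypt::Eksblowfish::Bcrypt qw(bcrypt_hash);

my $COST = 10;    # assumed work factor; raise it as hardware allows

# Hash a new password; returns the record to store (salt, cost and hash).
sub hash_password {
    my ($password) = @_;
    my $salt = join '', map { chr irand(256) } 1 .. 16;   # bcrypt needs 16 octets
    return {
        salt => unpack('H*', $salt),
        cost => $COST,
        hash => unpack('H*', _bcrypt($password, $salt, $COST)),
    };
}

# Re-hash the candidate with the stored salt and cost, then compare.
sub check_password {
    my ($candidate, $rec) = @_;
    my $salt = pack 'H*', $rec->{salt};
    my $got  = unpack 'H*', _bcrypt($candidate, $salt, $rec->{cost});
    return _same($got, $rec->{hash});
}

sub _bcrypt {
    my ($password, $salt, $cost) = @_;
    # bcrypt_hash wants octets, so encode any wide characters first.
    return bcrypt_hash({ key_nul => 1, cost => $cost, salt => $salt },
                       encode('UTF-8', $password));
}

# Compare without stopping at the first differing character.
sub _same {
    my ($x, $y) = @_;
    return 0 if length $x != length $y;
    my $diff = 0;
    $diff |= ord(substr $x, $_, 1) ^ ord(substr $y, $_, 1) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Constructed sample values, not real credentials.
my $rec = hash_password('correct horse battery staple');
print "stored: salt=$rec->{salt} cost=$rec->{cost} hash=$rec->{hash}\n";
print "right password: ", check_password('correct horse battery staple', $rec), "\n";
print "wrong password: ", check_password('Tr0ub4dor&3', $rec), "\n";
```

Storing the cost next to the salt lets the work factor be raised for new hashes while older records still verify.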
