PerlMonks  

Re: Keeping a password safe.

by Khen1950fx (Canon)
on Jun 10, 2012 at 06:23 UTC (#975375)


in reply to Keeping a password safe.

Here's an interactive script that uses Term::ReadPassword and Digest::MD5. This is just to give you an idea of what to do. It creates a 128-bit message digest of the inputted password.

    #!/usr/bin/perl -T
    BEGIN { $| = 1; $ENV{'USE_STARS'} = 1; }
    use autodie;
    use strict qw/refs subs vars/;
    use warnings FATAL => 'all';
    use Term::ReadLine;    # provides findConsole
    use Term::ReadPassword;
    use Digest::MD5 qw(md5_base64);

    if ( $ENV{'AUTOMATED_TESTING'} ) {
        print "Automated testing detected";
        exit;
    }

    $Term::ReadPassword::USE_STARS = 1;

    local (*TTYOUT);
    my ( $in, $out ) = Term::ReadLine->findConsole;
    die "No console available: $!" unless $out;

    # autodie makes a failed open() throw, so trap it to reach the fallback
    if ( eval { open TTYOUT, '>>', $out; 1 } ) {
        print "Opened TTYOUT: ";
    }
    else {
        # dup STDOUT instead; autodie dies if this fails as well
        open TTYOUT, '>>&', \*STDOUT;
    }
    select( ( select(TTYOUT), $| = 1 )[0] );

    INTERACTIVE: {
        my $new_pw = '';
        {
            print TTYOUT "\n\tThis is a 'fake' password test\n\n";

            # keep the typed password in $new_pw so the code below hashes it
            $new_pw = read_password("Enter your 'fake' new password: \n");
            if ( not defined $new_pw ) {
                print TTYOUT "\tNo password entered\n";
                next INTERACTIVE;
            }
            else {
                print TTYOUT "\t Your 'fake' password is now changed \n";
            }
        }

        # two-character salt drawn from a 64-character alphabet
        my $salts = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
        my $password = $new_pw;
        my $key      = "justakey";
        my $s1       = rand(64);
        my $s2       = rand(64);
        my $salt     = substr( $salts, $s1, 1 ) . substr( $salts, $s2, 1 );

        # stored value: salt followed by the MD5 digest of salt/password/key
        my $encrypted_password = $salt . md5_base64("$salt/$password/$key");

        # To verify this password, we would use:
        my $entered_password = $password;
        $key  = "justakey";
        $salt = substr( $encrypted_password, 0, 2 );    # salt is the first two characters
        my $pw2 = $salt . md5_base64("$salt/$entered_password/$key");
        if ( $encrypted_password eq $pw2 ) {
            print "\nApplying digest...\n";
            print "\t Passwords match\n ";
        }
    }
    close TTYOUT;


Re^2: Keeping a password safe.
by davido (Archbishop) on Jun 10, 2012 at 16:43 UTC

    I understand this is an example only, but MD5 is no longer considered cryptographically secure, and new projects probably shouldn't be using it. There are several alternatives, and thanks to CPAN they're just about as easy to use as MD5. Nowadays it seems the general consensus is leaning toward SHA2-256 or SHA2-512, or something from AES (Rijndael).


    Dave
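
As an added example (not part of the thread or of any poster's code), here is the same salt, hash and compare flow as the script above with MD5 swapped for PBKDF2-HMAC-SHA256 built on the core Digest::SHA module. It goes beyond a single SHA-2 pass by using a random 16-byte salt, an iteration count and a constant-time comparison. The record format, the 100,000-iteration default, the use of /dev/urandom and the sub names are assumptions of this example.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256);
use MIME::Base64 qw(encode_base64 decode_base64);

# PBKDF2-HMAC-SHA256 (RFC 8018), first 32-byte output block only.
sub pbkdf2_sha256 {
    my ( $password, $salt, $iterations ) = @_;
    my $u = hmac_sha256( $salt . pack( 'N', 1 ), $password );    # key goes last
    my $t = $u;
    for ( 2 .. $iterations ) {
        $u = hmac_sha256( $u, $password );
        $t ^= $u;    # string XOR of two 32-byte values
    }
    return $t;
}

sub random_salt {    # 16 bytes from the kernel CSPRNG (assumes /dev/urandom)
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    ( read( $fh, my $buf, 16 ) // 0 ) == 16 or die "short read from urandom";
    return $buf;
}

sub hash_password {
    my ( $password, $iterations ) = @_;
    $iterations ||= 100_000;    # assumed work factor, tune per host
    my $salt = random_salt();
    utf8::encode( my $bytes = $password );    # HMAC needs octets, not characters
    return join '$', 'pbkdf2-sha256', $iterations, encode_base64( $salt, '' ),
        encode_base64( pbkdf2_sha256( $bytes, $salt, $iterations ), '' );
}

sub verify_password {
    my ( $password, $record ) = @_;
    my ( $scheme, $iter, $salt64, $dk64 ) = split /\$/, $record;
    return 0 unless defined $dk64 && $scheme eq 'pbkdf2-sha256'
        && $iter =~ /\A[1-9][0-9]{0,7}\z/;    # reject odd or huge counts
    utf8::encode( my $bytes = $password );
    return 0 unless length( my $want = decode_base64($dk64) ) == 32;
    my $got  = pbkdf2_sha256( $bytes, decode_base64($salt64), $iter );
    my $diff = 0;    # touch every byte so timing does not reveal a matching prefix
    $diff |= ord( substr( $want, $_, 1 ) ) ^ ord( substr( $got, $_, 1 ) )
        for 0 .. 31;
    return $diff == 0 ? 1 : 0;
}

my $record = hash_password('correct horse battery staple');    # constructed demo value
print "stored: $record\n";
print "right password: ", verify_password( 'correct horse battery staple', $record ), "\n";
print "wrong password: ", verify_password( 'Tr0ub4dor&3', $record ), "\n";
```

Because the salt and iteration count travel inside the stored record, the work factor can be raised for new passwords without breaking verification of old ones.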
