Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?

Re: encryption in perl

by radiantmatrix (Parson)
on Jun 06, 2012 at 20:28 UTC ( #974826=note: print w/replies, xml ) Need Help??

in reply to encryption in perl

Please make sure you examine why you're encrypting passwords. If you're storing passwords your app must use to log-in to another service, OK. If these are passwords that people or applications will use to authenticate to you, you should be using a salted one-way hash (see this article for a nice overview).

Basically, you want to use some thing like Math::Random::Secure to generate a secure "salt", add that salt to the password, then hash the whole thing with Crypt::Eksblowfish::Bcrypt or the sha512 methods from Digest::SHA. Don't forget to store the salt, too, or you'll have trouble on check.

When you check the user's password input, you retrieve the salt and the hash, hash the salt with the provided password, and compare the hash you just generated to the one you stored. If they match, the user provided the right password.

Ramblings and references
“A positive attitude may not solve all your problems, but it will annoy enough people to make it worth the effort.” Herm Albright
I haven't found a problem yet that can't be solved by a well-placed trebuchet

Replies are listed 'Best First'.
Re^2: encryption in perl
by rashlin (Novice) on Jun 10, 2012 at 14:23 UTC
    thanks for your responses, i need to be able to decrypt it, the password is needed to connect to an external application.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://974826]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others rifling through the Monastery: (5)
As of 2016-10-26 02:59 GMT
Find Nodes?
    Voting Booth?
    How many different varieties (color, size, etc) of socks do you have in your sock drawer?

    Results (330 votes). Check out past polls.