comment on

Please make sure you examine why you're encrypting passwords. If you're storing passwords your app must use to log-in to another service, OK. If these are passwords that people or applications will use to authenticate to you, you should be using a salted one-way hash (see this article for a nice overview).

Basically, you want to use some thing like Math::Random::Secure to generate a secure "salt", add that salt to the password, then hash the whole thing with Crypt::Eksblowfish::Bcrypt or the sha512 methods from Digest::SHA. Don't forget to store the salt, too, or you'll have trouble on check.

When you check the user's password input, you retrieve the salt and the hash, hash the salt with the provided password, and compare the hash you just generated to the one you stored. If they match, the user provided the right password.

<–radiant.matrix–>
Ramblings and references
“A positive attitude may not solve all your problems, but it will annoy enough people to make it worth the effort.” — Herm Albright
I haven't found a problem yet that can't be solved by a well-placed trebuchet

In reply to Re: encryption in perl by radiantmatrix
in thread encryption in perl by rashlin

Are you posting in the right place? Check out Where do I post X? to know for sure.
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
Want more info? How to link or How to display code and escape characters are good places to start.


Think about Loose Coupling
	PerlMonks