
Storing encrypted passwords in MySQL

by spacewarp (Pilgrim)
on Jun 06, 2003 at 19:58 UTC (#263835=perlquestion)
spacewarp has asked for the wisdom of the Perl Monks concerning the following question:

I'm writing an application for which authentication is necessary. While I understand how crypt() works, what I'm wondering (and finding a dearth of information on) is how long the resulting strings will be, so I can allocate appropriate space in a fixed-width database (in this case, MySQL).

I'm sure I can't be the first person that's come across this.. does anyone have a solution? (incidentally, the passwords will be limited to a max of 12 characters)

Thanks in advance..

DISCLAIMER: Use of this advanced computing technology does not imply an endorsement of Western industrial civilization.

update (broquaint): dropped HTML formatting from disclaimer

Replies are listed 'Best First'.
Re: Storing encrypted passwords in MySQL
by pzbagel (Chaplain) on Jun 06, 2003 at 20:13 UTC

    From 'man 3c crypt' in my gcc installation:

    By taking the lowest 7 bits of each of the first eight characters of the key, a 56-bit key is obtained. This 56-bit key is used to encrypt repeatedly a constant string (usually a string consisting of all zeros). The returned value points to the encrypted password, a series of 13 printable ASCII characters (the first two characters represent the salt itself). The return value points to static data whose content is overwritten by each call.

    You are limited to 8 characters for the password no matter how many input characters are allowed. Also, the output will be exactly 13 characters long.

    If you want to allow longer passwords, look at MD5 instead of crypt. Your passwords can be arbitrarily long and the resulting hash will be 32 characters for hex and 22 for base64.


      This was the first data I came across, but it doesn't mesh with what I'm seeing on my system. My login password is 10 characters (for my convenience), and the encrypted output seems to be 34 characters, as are several others, thus leading to my question here.



        What OS are you running? Newer distributions of Linux typically use MD5 password hashes rather than crypt.

Re: Storing encrypted passwords in MySQL
by arthas (Hermit) on Jun 07, 2003 at 10:23 UTC

    You can also use the MySQL functions for encrypting passwords.

    While the usage of password() is discouraged in user applications, there is crypt() (which calls system's crypt, so it's exactly as Perl's crypt, with an 8 chars string limit). If you need MD5, there's md5(); also, you can use sha1() to get a SHA checksum of your password.

    Full documentation can be found here.

    Hope this helps.
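
Added example, not code from any post in this thread: a Perl sketch that classifies a stored value by the formats the replies mention and checks whether a fixed-width column can hold it. A 34-character value such as the one described above matches the `$1$` MD5-crypt shape with a full 8-character salt. The names `hash_scheme` and `column_fits`, the sample password and the two crypt-shaped strings are constructed for illustration.

```perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex md5_base64);
use Digest::SHA qw(sha1_hex);

# Alphabet crypt(3) uses for salts and hash output.
my $C = './0-9A-Za-z';

# Widest string each scheme named in the thread can produce.
my %WIDTH = (
    'des-crypt'  => 13,   # 2 salt chars + 11 hash chars
    'md5-crypt'  => 34,   # "$1$" + up to 8 salt chars + "$" + 22 hash chars
    'md5-base64' => 22,   # Digest::MD5 emits unpadded base64
    'md5-hex'    => 32,
    'sha1-hex'   => 40,
);

# Return the scheme a stored value looks like, or undef if none match.
sub hash_scheme {
    my ($stored) = @_;
    return 'des-crypt'  if $stored =~ m{\A[$C]{13}\z};
    return 'md5-crypt'  if $stored =~ m{\A\$1\$[$C]{1,8}\$[$C]{22}\z};
    return 'md5-hex'    if $stored =~ m{\A[0-9a-f]{32}\z};
    return 'sha1-hex'   if $stored =~ m{\A[0-9a-f]{40}\z};
    return 'md5-base64' if $stored =~ m{\A[A-Za-z0-9+/]{22}\z};
    return;
}

# True when every scheme in the list fits a column of $col characters.
sub column_fits {
    my ($col, @schemes) = @_;
    return !grep { $WIDTH{$_} > $col } @schemes;
}

# Constructed samples: the two crypt strings are shape-only placeholders,
# the digests are computed from a made-up 12-character password.
my $pw = 'correcthorse';
my @samples = (
    'ab' . 'x' x 11,
    '$1$' . 'saltsalt' . '$' . 'y' x 22,
    md5_hex($pw), md5_base64($pw), sha1_hex($pw),
);

for my $stored (@samples) {
    my $scheme = hash_scheme($stored) // 'unknown';
    printf "%-10s len=%2d  %s\n", $scheme, length $stored, $stored;
}
printf "CHAR(13) holds md5-crypt: %s\n", column_fits(13, 'md5-crypt') ? 'yes' : 'no';
printf "CHAR(40) holds all five:  %s\n", column_fits(40, keys %WIDTH) ? 'yes' : 'no';
```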


Node Type: perlquestion [id://263835]
Approved by jlk
Front-paged by broquaint