PerlMonks  

Re: Keeping a password safe.

by Khen1950fx (Canon)
on Jun 10, 2012 at 06:23 UTC ( [id://975375]=note )


in reply to Keeping a password safe.

Here's an interactive script that uses Term::ReadPassword and Digest::MD5. This is just to give you an idea of what to do. It creates a 128-bit message digest of the inputted password.
    #!/usr/bin/perl -T
    BEGIN {
        $| = 1;
        $ENV{'USE_STARS'} = 1;
    }
    use autodie qw(close);    # open failures are handled explicitly below
    use strict qw/refs subs vars/;
    use warnings FATAL => 'all';
    use Term::ReadLine;       # provides findConsole
    use Term::ReadPassword;
    use Digest::MD5 qw(md5_base64);

    if ( $ENV{'AUTOMATED_TESTING'} ) {
        print "Automated testing detected";
        exit;
    }
    $Term::ReadPassword::USE_STARS = 1;

    # Send prompts to the controlling terminal, falling back to STDOUT
    local (*TTYOUT);
    my ( $in, $out ) = Term::ReadLine->findConsole;
    die "No console available: $!" unless $out;
    if ( open TTYOUT, '>>', $out ) {
        print "Opened TTYOUT: ";
    }
    else {
        die "Couldn't re-open STDOUT" unless open TTYOUT, '>&', \*STDOUT;
    }
    select( ( select(TTYOUT), $| = 1 )[0] );

    INTERACTIVE: {
        my $new_pw = '';
        {
            print TTYOUT "\n\tThis is a 'fake' password test\n\n";

            # Store the typed password in the variable that is checked below
            $new_pw = read_password("Enter your 'fake' new password: \n");
            if ( not defined $new_pw ) {
                print TTYOUT "\tNo password entered\n";
                next INTERACTIVE;
            }
            else {
                print TTYOUT "\t Your 'fake' password is now changed \n";
            }
        }

        # 64-character salt alphabet; two characters are picked at random
        my $salts =
          "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
        my $password = $new_pw;
        my $key      = "justakey";
        my $s1       = rand(64);
        my $s2       = rand(64);
        my $salt = substr( $salts, $s1, 1 ) . substr( $salts, $s2, 1 );
        my $encrypted_password = $salt . md5_base64("$salt/$password/$key");

        # To verify this password, we would use:
        use Digest::MD5 qw(md5_base64);
        $salts =
          "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
        my $entered_password = $password;
        $key  = "justakey";
        $salt = substr( $encrypted_password, 0, 2 );    # salt is the first two characters
        my $pw2 = $salt . md5_base64("$salt/$entered_password/$key");
        if ( $encrypted_password eq $pw2 ) {
            print "\nApplying digest...\n";
            print "\t Passwords match\n ";
        }
    }
    close TTYOUT;

Replies are listed 'Best First'.
Re^2: Keeping a password safe.
by davido (Cardinal) on Jun 10, 2012 at 16:43 UTC

    I understand this is an example only, but MD5 is no longer considered cryptographically secure, and new projects probably shouldn't be using it. There are several alternatives, and thanks to CPAN they're just about as easy to use as MD5. Nowadays it seems the general consensus is leaning toward SHA2-256 or SHA2-512, or something from AES (Rijndael).


    Dave
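
An added example, not part of either post above: the same salt-then-digest flow using the SHA-256 family the reply points to, going one step beyond the thread by iterating the hash (PBKDF2-HMAC-SHA256 built on the core Digest::SHA module) and comparing in constant time. The function names, the colon-separated record format, the 100,000 iteration count, the sample passwords and the use of /dev/urandom are assumptions of this example.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256);    # core modules only
use MIME::Base64 qw(encode_base64 decode_base64);

# PBKDF2-HMAC-SHA256, first 32-byte block: XOR of the iterated HMAC chain.
sub pbkdf2_sha256 {
    my ( $password, $salt, $iterations ) = @_;
    my $u = hmac_sha256( $salt . pack( 'N', 1 ), $password );    # args: data, key
    my $t = $u;
    for ( 2 .. $iterations ) {
        $u = hmac_sha256( $u, $password );
        $t ^= $u;    # bytewise string XOR
    }
    return $t;
}

# 16 random bytes per password; assumes a Unix-like /dev/urandom.
sub random_salt {
    open my $fh, '<:raw', '/dev/urandom' or die "Cannot open /dev/urandom: $!";
    ( read( $fh, my $salt, 16 ) // 0 ) == 16 or die "Short read from /dev/urandom";
    return $salt;
}

# Assumed record format: scheme:iterations:base64(salt):base64(hash)
sub hash_password {
    my ( $password, $iterations ) = @_;
    $iterations ||= 100_000;    # assumed work factor, tune for your hardware
    my $salt = random_salt();
    return join ':', 'pbkdf2-sha256', $iterations, encode_base64( $salt, '' ),
        encode_base64( pbkdf2_sha256( $password, $salt, $iterations ), '' );
}

sub verify_password {
    my ( $password, $stored ) = @_;
    my ( $scheme, $iterations, $salt_b64, $hash_b64 ) = split /:/, $stored;
    return 0 unless defined($hash_b64) && $scheme eq 'pbkdf2-sha256'
        && $iterations =~ /^[1-9][0-9]{0,7}$/;
    my $want = decode_base64($hash_b64);
    my $got  = pbkdf2_sha256( $password, decode_base64($salt_b64), $iterations );
    return 0 unless length($want) == length($got);
    my $diff = 0;    # constant-time compare: every byte is examined
    $diff |= ord( substr( $want, $_, 1 ) ) ^ ord( substr( $got, $_, 1 ) )
        for 0 .. length($got) - 1;
    return $diff == 0 ? 1 : 0;
}

my $record = hash_password('correct horse battery staple');    # constructed sample
print "right: ", verify_password( 'correct horse battery staple', $record ),
    "  wrong: ", verify_password( 'justakey', $record ), "\n";
```

Only the record string needs to be stored; the salt and iteration count travel with it, so the work factor can be raised for new records without breaking old ones.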
