http://www.perlmonks.org?node_id=975375


in reply to Keeping a password safe.

Here's an interactive script that uses Term::ReadPassword and Digest::MD5. This is just to give you an idea of what to do. It creates a 128-bit message digest of the inputted password. 

#!/usr/bin/perl -T

BEGIN {
    $| = 1;
    $ENV{'USE_STARS'} = 1;
}

use autodie;
use strict qw/refs subs vars/;
use warnings FATAL => 'all';
use Term::ReadPassword;
use Digest::MD5 qw(md5_base64);

if ( $ENV{'AUTOMATED_TESTING'} ) {
    print "Automated testing detected";
    exit;
}

$Term::ReadPassword::USE_STARS = 1;

local (*TTYOUT);
my ( $in, $out ) = Term::ReadLine->findConsole;
die "No console available: $!" unless $out;

if ( open TTYOUT, '>>', $out ) {
    print "Opened TTYOUT: ";
}
else {
    die "Couldn't re-open STDOUT" unless open TTYOUT, '>>', &STDOUT;
}

select( ( select(TTYOUT), $| = 1 )[0] );

INTERACTIVE: {
    my $secrect = '';
    my $new_pw  = '';
    {
        print TTYOUT "\n\tThis is a 'fake' password test\n\n";
        my $new_fakepw = read_password("Enter your 'fake' new password
+: \n");
        if ( not defined $new_pw ) {
            print TTYOUT "\tNo password entered\n";
            next INTERACTIVE;
        }
        else {
            my $secret = $new_pw;
            print TTYOUT "\t Your 'fake' password is now changed \n";
        }
    }

    my $salts =
      " abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
+ . /";
    my $password = $new_pw;
    my $key      = "justakey";

    my $s1   = rand(64);
    my $s2   = rand(64);
    my $salt = substr( $salts, $s1, 1 ) . substr( $salts, $s2, 1 );
    my $encrypted_password = $salt . md5_base64("$salt/$password / $ke
+y ");

    #To verify this password, we would use:

    use Digest::MD5 qw(md5_base64);

    $salts =
      " abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
+ . /";
    my $entered_password = $password;
    $key = "justakey";

    $salt = substr( $encrypted_password, 0, 2 );
    my $pw2 = $salt . md5_base64("$salt/$entered_password / $key ");

    if ( $encrypted_password eq $pw2 ) {
        print "\nApplying  digest...\n";
        print "\t Passwords match\n ";
    }
}

close TTYOUT;

[download]

Replies are listed 'Best First'.
Re^2: Keeping a password safe.
by davido (Cardinal) on Jun 10, 2012 at 16:43 UTC

    I understand this is an example only, but MD5 is no longer considered cryptographically secure, and new projects probably shouldn't be using it. There are several alternatives, and thanks to CPAN they're just about as easy to use as MD5. Nowadays it seems the general consensus is leaning toward SHA2-256 or SHA2-512, or somethig from AES (Rijndael).


    Dave

[reply]

In Section Seekers of Perl Wisdom