Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw

Re: Mention password in the script -encrypted form

by Random_Walk (Prior)
on Feb 19, 2009 at 14:25 UTC ( #745058=note: print w/replies, xml ) Need Help??

in reply to Mention password in the script -encrypted form

Do you need to decrypt this password again or check that a user knows this password ?

If you need to decrypt it again in the script it will only be obfuscated and anyone with enough Perl knowledge will be able to decrypt it too.

if you just need to check a user knows it you can store a hash of the password (MD5 hash should do the trick) and then compare a hash of the user attempt. To make this a little more secure you should mix the password with a salt before hashing it. This stops making a dictionary of many password hashes and then seeing if yours is already know. The salt can be stored clear along with the password hash.

Update, code added
#!/usr/bin/perl use strict; use warnings; use Digest::MD5 qw (md5_base64); print "enter a password to store: "; my $password = <STDIN>; my $salt = time; my $digest = md5_base64($password.$salt); print "salt: $salt hash: $digest\n"; my $enter = 0; until ($enter) { print "Speak friend and enter: "; my $try = <STDIN>; my $tryhash = md5_base64($try.$salt); $enter++ if $tryhash eq $digest; } print "Welcome friend\n"; __END__ # output ... enter a password to store: friend salt: 1235062413 hash: 2eJWH+Yjy1Fw8J9wW6vmAg Speak friend and enter: enemy Speak friend and enter: friend Welcome friend


Pereant, qui ante nos nostra dixerunt!

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://745058]
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others surveying the Monastery: (3)
As of 2018-06-24 13:21 GMT
Find Nodes?
    Voting Booth?
    Should cpanminus be part of the standard Perl release?

    Results (126 votes). Check out past polls.