http://www.perlmonks.org?node_id=745058


in reply to Mention password in the script -encrypted form

Do you need to decrypt this password again or check that a user knows this password ?

If you need to decrypt it again in the script it will only be obfuscated and anyone with enough Perl knowledge will be able to decrypt it too.

if you just need to check a user knows it you can store a hash of the password (MD5 hash should do the trick) and then compare a hash of the user attempt. To make this a little more secure you should mix the password with a salt before hashing it. This stops making a dictionary of many password hashes and then seeing if yours is already know. The salt can be stored clear along with the password hash.

Update, code added
#!/usr/bin/perl use strict; use warnings; use Digest::MD5 qw (md5_base64); print "enter a password to store: "; my $password = <STDIN>; my $salt = time; my $digest = md5_base64($password.$salt); print "salt: $salt hash: $digest\n"; my $enter = 0; until ($enter) { print "Speak friend and enter: "; my $try = <STDIN>; my $tryhash = md5_base64($try.$salt); $enter++ if $tryhash eq $digest; } print "Welcome friend\n"; __END__ # output ... enter a password to store: friend salt: 1235062413 hash: 2eJWH+Yjy1Fw8J9wW6vmAg Speak friend and enter: enemy Speak friend and enter: friend Welcome friend

Cheers,
R.

Pereant, qui ante nos nostra dixerunt!