Re: A question for the Perl programmers on the list


Subject: Re: A question for the Perl programmers on the list
From: Arthur Corliss (arthur@corlissfamily.org)
Date: Sat Dec 07 2002 - 23:28:25 AKST


On Sat, 7 Dec 2002, Greg Jetter wrote:

>
> I am trying to find a method of encrypting and decrypting passwords for a
> project I'm working on. I don't have a full understanding of the various
> methods in use. Does the MD5 method of encryption lend itself to use as
> an encryption method for passwords? Anyone know of a simple-to-use Perl
> module for encrypting and decrypting passwords?

MD5 isn't an encryption algorithm, per se, though it's possible to use as a
one-way hash, much like the traditional UNIX crypt() function (Perl supports
both, of course, and much more).

I would recommend that you avoid ever having to decrypt passwords. One-way
hashes are much more secure, since there is technically no feasible way to
decrypt them outside of a brute-force dictionary attack. Plus, you avoid
having to worry about any programmatic errors that would allow a hacker to
retrieve a plain-text password.

Instead, just compare the encrypted password to the encrypted form of whatever
the user types in. A match means you have a good password, and your program
never knows (and can't give up) the plain-text contents of the password
database.

        --Arthur Corliss
          Bolverk's Lair -- http://arthur.corlissfamily.org/
          Digital Mages -- http://www.digitalmages.com/
          "Live Free or Die, the Only Way to Live" -- NH State Motto



This archive was generated by hypermail 2a23 : Sun Dec 08 2002 - 00:03:25 AKST