Re: A question for the Perl programmers on the list


Subject: Re: A question for the Perl programmers on the list
From: Greg Jetter (greg@lazymountain.com)
Date: Sun Dec 08 2002 - 12:47:06 AKST


On Saturday 07 December 2002 11:28 pm, Arthur Corliss wrote:
> On Sat, 7 Dec 2002, Greg Jetter wrote:
> > I am trying to find a method of encrypting and decrypting password for a
> > project im working on , I don't have a full understanding of the
> > various methods in use. Does the MD5 method of encryption lend it self
> > to use as an encryptrion method for passwords? Any one know of a simple
> > to use Perl module for encrypting and decrypting passwords ?
>
> MD5 isn't an encryption algorithm, per se, though it's possible to use as a
> one-way hash, much like the traditional UNIX crypt() function (Perl
> supports both, of course, and much more).
>
> I would recommend that you avoid ever having to decrypt passwords. One-way
> hashes are much more secure, since there is technically no feasible way to
> decrypt them outside of a brute-force dictionary attack. Plus, you avoid
> having to worry about any programmatic errors that would allow a hacker to
> retrieve a plain-text password.
>
> Instead, just compare the encrypted password to the encrypted form of
> whatever the user types in. A match means you have a good password, and
> your program never knows (and can't give up) the plain-text contents of the
> password database.
>
> --Arthur Corliss
> Bolverk's Lair -- http://arthur.corlissfamily.org/
> Digital Mages -- http://www.digitalmages.com/
> "Live Free or Die, the Only Way to Live" -- NH State Motto

good idea i'll give it a try , the problem im considering is a method to
encrypt that will work on both windows wervers as well as unix so as to The
main problem i was considering was being able to let the administrator edit
passwords adf to make my final web project runnable on any platform.

thanks

Greg

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.



This archive was generated by hypermail 2a23 : Sun Dec 08 2002 - 12:32:16 AKST