PerlMonks
Crypt::CBC and verifying passwords
by geektron (Curate) on May 19, 2004 at 17:41 UTC ( [id://354692]=perlquestion )
geektron has asked for the wisdom of the Perl Monks concerning the following question:
an application that i'm maintaining originally used Crypt::DES to 'encrypt' passwords for storage in a cookie to maintain a logged-in user. the app has decided to break with passwords longer than 8 bytes (which i found out is a limitation of Crypt::DES -- it only handles 8-byte data).
today I'm working on replacing the Crypt::DES with Crypt::CBC to allow for arbitrary-length password strings, but I can't get validation/verification of the passwords from the cookie.

in the set_cookie routine:

and the new $epassword is tossed into the cookie.

and later (on subsequent hits to the app, essentially) we check the cookie pass against the DB pass like so:

where $dbpw is just fetched from the DB based on the username .... and the values don't match. the newly encrypted $dbpw and the value from the cookie, that is.

after reading a couple other nodes ( Crypt::CBC question, Safe symmetric encryption - Crypt::CBC + Crypt::Blowfish? ) a block cipher (like DES) should allow for comparison.
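
The mismatch described in the post, as an added example that is not part of the original post or its replies: by default Crypt::CBC generates a fresh random salt/IV for every encryption, so encrypting the same password twice yields different ciphertext, and the check has to decrypt the cookie value and compare plaintext instead. The key, the password, and the `new_cipher` helper are constructed for illustration, and Crypt::DES is assumed to be installed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Crypt::CBC;

# Constructed sample values, not taken from the original post.
my $secret = 'constructed-server-side-key';
my $dbpw   = 'a password longer than eight bytes';

# Hypothetical helper: build a cipher object the same way on every request.
sub new_cipher {
    return Crypt::CBC->new(-key => $secret, -cipher => 'DES');
}

# What a set_cookie routine would store: CBC-encrypted, hex-encoded.
my $cookie_value = new_cipher()->encrypt_hex($dbpw);

# Check 1 (the approach in the post): re-encrypt the DB password and compare
# ciphertext. Each encrypt call picks a new random salt/IV, so the two
# strings differ even though key and plaintext are identical.
my $reencrypted = new_cipher()->encrypt_hex($dbpw);
my $ciphertext_match = $reencrypted eq $cookie_value ? 1 : 0;

# Check 2: decrypt the cookie value and compare plaintext. The salt travels
# in the ciphertext header, so decryption recovers the original string.
# eval guards against a malformed or tampered cookie making decrypt die.
my $from_cookie = eval { new_cipher()->decrypt_hex($cookie_value) };
my $plaintext_match =
    (defined $from_cookie && $from_cookie eq $dbpw) ? 1 : 0;

printf "ciphertext comparison matches: %s\n", $ciphertext_match ? 'yes' : 'no';
printf "plaintext comparison matches:  %s\n", $plaintext_match  ? 'yes' : 'no';

# A cookie that is not valid ciphertext must be rejected, not crash the app.
my $bogus = eval { new_cipher()->decrypt_hex('00' x 32) };
my $bogus_accepted = (defined $bogus && $bogus eq $dbpw) ? 1 : 0;
printf "bogus cookie accepted:         %s\n", $bogus_accepted ? 'yes' : 'no';
```

CBC mode on its own gives confidentiality but no integrity, so a cookie protected this way can be altered without the server noticing until the decrypted value fails the comparison.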