in reply to Re^2: encrypt passwords
in thread encrypt passwords

As he wanted to store the passwords encrypted, how does he gets the original password afterwards ? somewhere he should have method to decrypt and get the original password to use.

Alternatively we can have configuration files to hold the password, like in this node Re: best way to store login information for a perl script?, Your Mother explained.

All is well. I learn by answering your questions...

Replies are listed 'Best First'.
Re^4: encrypt passwords
by CountZero (Bishop) on Apr 17, 2015 at 13:37 UTC
    The beauty of the "only store encrypted passwords" system is that you never have to store the original passwords and that the encryption method by preference does not even have a usable decryption method.

    When you have to check whether the password is correct, you simply encrypt the provided password again and check both encrypted passwords. If they are the same then one assumes that the requestor has provided you with the correct password. Of course this is only true when you can be reasonably sure that two different passwords will not lead to the same encrypted password. A well-crafted encryption routine makes the likelihood of such a thing happening very very small.

    CountZero

    A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James

    My blog: Imperial Deltronics
[reply]
Re^4: encrypt passwords
by fishmonger (Chaplain) on Apr 17, 2015 at 13:27 UTC

    What makes you think he would need to decrypt it to get the original plain text password?

    It's far more likely and common to use 1 way encryption where a plain text password is supplied then encrypted to compaire it with the stored encrypted password.

[reply]
      What makes you think he would need to decrypt it to get the original plain text password?

      Re^2: encrypt passwords shows database name, host name, username, password. That looks like logins for remote systems that need the plain text password.

      Alexander

      --
      Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
[reply]
Re^4: encrypt passwords
by karlgoethebier (Abbot) on Apr 17, 2015 at 13:29 UTC

    I think we shouldn't worry about unlaid eggs until fionbarr provides some more information.

    N.B.: I'm a bit unsure if "unlaid eggs" is the equivalent of "ungelegte Eier" - if you know what i mean :-)

    Regards, Karl

    «The Crux of the Biscuit is the Apostrophe»

[reply]
    A reply falls below the community's threshold of quality. You may see it by logging in.

In Section Seekers of Perl Wisdom