in reply to Perl hash password on existing password
“Use the CPAN, Luke!”
A simple search there for something like “password hash” reveals hundreds of modules with Perl source code that you can install on your computer with the cpan or cpanm commands, or simply “cabbage” for the logic you need.
For instance, Crypt::Password::StretchedHash comes up first, which uses Digest::SHA internally. But, I digress . . .
“Okay, basics first.” What normally gets stored in a password table is a cryptographic “hash” of the password in question, customarily “salted.” Digest libraries like Digest::SHA do all the mystery dirty-work for you. The result is a string that exactly represents the password, but the password can’t be reverse-engineered from the hash value. The computer’s job is easy: just take whatever the user typed in, hash it, and see if it agrees with what’s in the database. But the intruder who steals the password file can’t too easily figure out what the correct passwords are. Even the slightest change in the password will produce a radically different hash, so the intruder also can’t tell if he is “getting closer,” how long the password actually is, and so on.
And, all of this stuff is “a thing already done.” All that you need to do is to locate an appropriate existing CPAN library which does what you want. Or, that shows you, definitively and completely, how to do it “well.”
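Added example, not part of the original post and not the API of Crypt::Password::StretchedHash: the salted store-and-verify flow described in the post above, built on core Digest::SHA, with PBKDF2-HMAC-SHA256 used as the stretching step. The iteration count, the `iterations$salt$hash` record layout, the sub names and the use of /dev/urandom are assumptions, and passwords are assumed to be byte strings.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256);
use MIME::Base64 qw(encode_base64 decode_base64);
my $ITERATIONS = 100_000;   # assumed work factor; tune for your hardware

# Random 16-byte salt from the OS CSPRNG (assumes a Unix-like system).
sub new_salt {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $salt, 16) == 16 or die "short read from urandom";
    return $salt;
}

# PBKDF2-HMAC-SHA256, first output block only (32 bytes).
sub stretch {
    my ($password, $salt, $iter) = @_;
    my $u = hmac_sha256($salt . pack('N', 1), $password);  # args: (data, key)
    my $t = $u;
    for (2 .. $iter) {
        $u = hmac_sha256($u, $password);
        $t ^= $u;                      # bytewise XOR of two byte strings
    }
    return $t;
}

# Record stored in the password table: iterations$salt$hash
sub hash_password {
    my ($password) = @_;
    my $salt = new_salt();             # fresh salt per password
    return join '$', $ITERATIONS, encode_base64($salt, ''),
        encode_base64(stretch($password, $salt, $ITERATIONS), '');
}

# Re-hash what the user typed with the stored salt and compare.
sub verify_password {
    my ($typed, $record) = @_;
    my ($iter, $salt_b64, $hash_b64) = split /\$/, $record;
    return 0 unless defined $hash_b64 && $iter =~ /^[1-9][0-9]*\z/;
    my $want = decode_base64($hash_b64);
    my $got  = stretch($typed, decode_base64($salt_b64), $iter);
    return 0 unless length($want) == length($got);
    my $diff = 0;                      # compare every byte, no early exit
    $diff |= ord(substr($want, $_, 1)) ^ ord(substr($got, $_, 1)) for 0 .. length($got) - 1;
    return $diff == 0 ? 1 : 0;
}

my $record = hash_password('correct horse battery staple');   # constructed sample
print "stored:  $record\n";
print "good pw: ", verify_password('correct horse battery staple', $record), "\n";
print "bad pw:  ", verify_password('correct horse battery stapl', $record), "\n";
```

Because the salt is random, hashing the same password twice gives two different records, and each still verifies against the original password.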
Re^2: Perl hash password on existing password
by Anonymous Monk on Jun 04, 2015 at 11:42 UTC