in reply to Password Encryption

For storing passwords, you really don't want encryption; you want a one-way hash function such as crypt. This allows you to safely "encrypt" (one-way hash) a word, but you can never really decrypt it. In order to check if the password is valid, you would run the entered password through the one-way hash function and compare that value with the stored value. The Unicode requirement really throws a wrench into things; I'm not sure if crypt will handle that. There are other one-way hash modules on CPAN, such as MD5 and SHA, that may also be helpful.

-derby
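The hash-and-compare check described in the post above, as an added example that is not part of the original post or any reply. It swaps crypt for a salted, iterated PBKDF2-HMAC-SHA256 built on Digest::SHA, and encodes the password to UTF-8 bytes first so Unicode input hashes cleanly. The iteration count, the `iterations$salt$hash` storage format, the sample password and the use of `/dev/urandom` are assumptions of this example.

```perl
# Added example: salted, iterated one-way hashing of a (possibly Unicode) password.
use strict;
use warnings;
use utf8;                                   # the sample literals below are UTF-8 source
use Encode qw(encode);
use Digest::SHA qw(hmac_sha256);

my $ITERATIONS = 100_000;                   # assumed work factor; tune for your hardware

# PBKDF2-HMAC-SHA256, first 32-byte output block only.
sub pbkdf2_sha256 {
    my ($password_bytes, $salt, $iterations) = @_;
    my $u = hmac_sha256($salt . pack('N', 1), $password_bytes);   # args are (data, key)
    my $t = $u;
    for (2 .. $iterations) {
        $u = hmac_sha256($u, $password_bytes);
        $t ^= $u;                           # bytewise XOR of equal-length strings
    }
    return $t;
}

# Returns "iterations$salt_hex$hash_hex" for storage; the password itself is never stored.
sub hash_password {
    my ($password) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "no /dev/urandom: $!";  # assumes Unix-like host
    read($fh, my $salt, 16) == 16 or die "short read on salt";
    close $fh;
    my $bytes = encode('UTF-8', $password); # characters -> bytes before hashing
    return join '$', $ITERATIONS, unpack('H*', $salt),
                     unpack('H*', pbkdf2_sha256($bytes, $salt, $ITERATIONS));
}

# Re-hash the entered password with the stored salt and compare the results.
sub verify_password {
    my ($entered, $stored) = @_;
    my ($iter, $salt_hex, $hash_hex) = split /\$/, $stored;
    return 0 unless defined $hash_hex && $iter =~ /^\d+$/;
    my $want = pack('H*', $hash_hex);
    my $got  = pbkdf2_sha256(encode('UTF-8', $entered), pack('H*', $salt_hex), $iter);
    return 0 unless length($got) == length($want);
    my $diff = 0;
    $diff |= ord(substr($got, $_, 1)) ^ ord(substr($want, $_, 1)) for 0 .. length($got) - 1;
    return $diff == 0;                      # comparison does not stop at first mismatch
}

my $stored = hash_password("pässwörd-密码");  # constructed sample password
print "stored:  $stored\n";
print "correct: ", (verify_password("pässwörd-密码", $stored) ? "ok" : "rejected"), "\n";
print "wrong:   ", (verify_password("password",      $stored) ? "ok" : "rejected"), "\n";
```

Without the `encode('UTF-8', ...)` step, `hmac_sha256` is handed a character string containing code points above 255 and dies, which is the kind of Unicode trouble the post anticipates.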

Re: Re: Password Encryption
by ichimunki (Priest) on Aug 20, 2002 at 14:25 UTC

    Although I like the approach of using hashes to protect passwords, this system does have a major drawback in that the passwords are not recoverable. In some cases this is unacceptable, since it means options like "email me my password" are not available. Since the poster specified the ability to "decrypt" the password, either they are unclear on what their requirements truly are, or a one-way function is not a solution in this case.