Second answer: it depends on how complex you want to get. But
in any case, you
will need the server to act in conjunction,
because the server needs to decrypt things on its end. If the
password is all you need to be encrypted, I can think of
the following alternatives:
- Use SSL. A search for ssl in cpan reveals Crypt::SSLeay,
IO::Socket::SSL and some others. I've not used any
of them, though.
- Use S/Key (also known as OPIE for "One-time Passwords
in Everything). This is a technique specifically designed for
sending passwords, and is very effective and even standardized
(try RFC1760
and RFC1938).
Unfortunately, I don't think there is a Perl module for computing
S/Key challenges/responses. Also, S/Key is a higher-maintenance
system, because the user needs to reset his passwords every
once in a while. One good place to start looking for
implementations is http://www.inner.net/pub/opie/.
--ZZamboni