What you are doing with Digest::MD5 is not actually a crypt-style MD5 digest. It is just a simple MD5 digest with a constant component (what you have erroneously called the "salt") tacked on the end of the digest source. While it is still better than storing the plain text directly, it is not as good as actual MD5 crypt. A good explanation of what MD5 crypt is beyond a simple MD5 hash, go here (read the larger presentation about bcrypt, as well, if you like).

Whether your simple system actually needs to use a crypt-style system is up to you. The idea of crypt and cousins is to increase the computational cost of checking a password. The trade-off is between responsiveness for legitimate users and deterrence of brute-force and dictionary attacks. The simple MD5 hash is almost certainly lower on this scale that traditional, DES-based crypt, and definitely below MD5 crypt. In my case, I would probably choose MD5 crypt (or SHA crypt or bcrypt, if feasible), in most cases, since I like to do whatever simple things I can to make myself feel more secure.

In terms of implementation, there are two possibilities that I'll mention (who knows what others there are):

  1. Your operating system's version of crypt already supports extended variants of crypt (MD5, SHA, or bcrypt). This means that the crypt command built in to Perl already supports these variants. There is a good explanation of using built-in MD5 crypt here. (Read the reply to that node for some good caveats as well.)
  2. Use Crypt::PasswdMD5 for a pure Perl implementation of the MD5 crypt algorithm. (DISCLAIMER: I've never actually used this myself, YMMV)

Other than that complaint, I'd say what I've read of the course is generally quite well written, thought out, and researched.

In reply to Re: Lesson Four, Part 2 of online CGI course by mdillon
in thread Lesson Four, Part 2 of online CGI course by Ovid

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.