grantm,

Good call on knowing what reqs you have and tying that to what type of security you need; however, I need to nitpick on a few things:

If I understand your requirements correctly, you need to be able to retrieve the password but you don't want to store it in plaintext. One-way hashing algorithms such as the crypt function or the MD5 module won't help there (my favourite quote to illustrate this point is "you can wind a sausage machine backwards but it won't give you pigs" - if only I could remember who said it).

True but that's okay because you never need to compare the plaintext, you compare the output of the one-way hash with the stored value.

Actually, nothing is going to be really secure since if someone can read your script they will have all the info they need to decrypt the password.

Well ... nothing in and of itself is secure. You need several layers of security. When I first read the problem, I didn't think the passwords would be stored in a script or going across the wire (in plaintext). If you need to store the password in a script, well that's where things like ACLs and file permissions come into play. As for going across the wire, then you encrypt the wire via https (web) or SSL -- security is all about layers.

update: And as a bonus, if you use one-way hash, there is nothing in the script that "decrypts" the password. The script would run the user supplied password through the one-way hash and compare the output to the stored value.

If you just want to slow someone down, encode it using MIME::Base64 like this:

Hmmm ... well there's a lot of controversy about security through obscurity and with base64 - that's what you're doing. I think it would fail even quicker than crypt and would be useless altogether once someone knew base64 was the algorithm. With one-way hash functions, you can know the algorithm (des, md5) but you never really know that you have cracked the password until you try to use it. With base64, once you know base64 is the obfuscation, you don't have to try to use the password - you know it's the plaintext.

-derby


In reply to Re: Re: Password Encryption by derby
in thread Password Encryption by Anonymous Monk
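
The contrast drawn in the post above, as an added Perl example that is not part of the original post or thread: Base64 hands the plaintext back to anyone who reads the stored value, while a one-way hash is only ever recomputed and compared. It swaps in salted PBKDF2-HMAC-SHA256 (built from the core Digest::SHA module) for the crypt/MD5 named in the thread; the sample password, record format, function names and the use of /dev/urandom are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(encode_base64 decode_base64);
use Digest::SHA qw(hmac_sha256);

my $password = 'tr0ub4dor&3';    # constructed sample value

# Base64 is an encoding: whoever reads the stored value has the password.
my $encoded = encode_base64($password, '');
print "base64 stored:  $encoded\n";
print "base64 decoded: ", decode_base64($encoded), "\n";

# PBKDF2-HMAC-SHA256, first 32-byte output block only (RFC 8018).
sub pbkdf2_sha256 {
    my ($pass, $salt, $iters) = @_;
    my $u = hmac_sha256($salt . pack('N', 1), $pass);
    my $t = $u;
    for (2 .. $iters) {
        $u = hmac_sha256($u, $pass);
        $t ^= $u;                  # string XOR of two 32-byte values
    }
    return $t;
}

# Build the value to store: iterations, salt and digest, never the password.
sub make_record {
    my ($plain, $iters) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $salt, 16) == 16 or die "short read from urandom";
    close $fh;
    return join '$', $iters, unpack('H*', $salt),
                     unpack('H*', pbkdf2_sha256($plain, $salt, $iters));
}

# Re-run the hash on the supplied password and compare without early exit.
sub check_password {
    my ($candidate, $record) = @_;
    my ($iters, $salt_hex, $want_hex) = split /\$/, $record;
    my $got  = pbkdf2_sha256($candidate, pack('H*', $salt_hex), $iters);
    my $diff = 0;
    $diff |= ord($_) for split //, $got ^ pack('H*', $want_hex);
    return $diff == 0;
}

my $record = make_record($password, 100_000);
print "hash stored:    $record\n";
print "right password: ", (check_password($password, $record) ? "ok" : "rejected"), "\n";
print "wrong password: ", (check_password('guess', $record)   ? "ok" : "rejected"), "\n";
```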
