You ask about a very specific Perl problem, but I am dubious about the application you are trying to achieve.
Secure and Unsecure Passwords
What is this situation where you have clear-text passwords? Do you consider this a secure situation?
- If you are dealing with passwords, it's much better to store the encoded version than the cleartext version. That makes it harder for someone who obtains access to the file/DB to steal passwords.
- Secure encryption methods involve some form of randomization, commonly referred to as salt. Without salt, BadGuy can encrypt bad_pw and compare the encrypted form with your list of passwords. A match means someone was using bad_pw as their password. With salt, which can take on, say, one of a thousand values, BadGuy needs to encrypt each potential password a thousand times to determine whether it appears in your list, slowing him down.
- Prevent people from accessing the encrypted passwords. Someone who has the list of encrypted passwords on his own machine can try hundreds or thousands of common passwords a second against the list. Unsuccessful attempts to log in to your machine should invoke a one-second delay. This inconveniences users only minimally, but prevents villains from testing more than 3600 passwords an hour, 86400 passwords a day. Of course, they could use several machines to test passwords, so you'll need to detect such distributed attacks and limit the number of threads which will respond.
Monitoring Passwords
Depending on the situation, it's good to test passwords for a certain standard, at the time the user wants to set his/her password. Check for common words, variations on the user's account name, etc. But testing should be appropriate to the circumstance in which it is used. If you are running a bank, it's suitable to insist users have secure passwords which are changed regularly. If you are providing a pay web site, the only problem with someone hacking a customer's login is that they are obtaining free access to your service. But the odds are they will distribute that login information, and you'll detect the site slowing down as hundreds of users connect, at which point you can disable that account to protect your site. The customer will eventually be in touch, at which point he can receive the standard lecture on insecure passwords.
--
TTTATCGGTCGTTATATAGATGTTTGCA
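
The salted storage and one-second failure delay described in the post above, as an added Perl example that is not part of the original post. It assumes a Unix-like host with /dev/urandom; PBKDF2-HMAC-SHA256 as the one-way function, the iteration count, the record layout and all sub names are choices made for this example.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256);
my $ITERATIONS = 100_000;    # assumed work factor; tune for your hardware

sub random_salt {            # assumption: /dev/urandom is available
    my ($len) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    (read($fh, my $salt, $len) // 0) == $len or die "short read from /dev/urandom";
    return $salt;
}

# PBKDF2-HMAC-SHA256 (RFC 8018), single 32-byte output block.
sub pbkdf2_sha256 {
    my ($password, $salt, $iter) = @_;
    my $t = my $u = hmac_sha256($salt . pack('N', 1), $password);
    for (2 .. $iter) {
        $u = hmac_sha256($u, $password);
        $t ^= $u;            # string XOR: both operands are byte strings
    }
    return $t;
}

# Stored record: iterations$salt_hex$hash_hex. The salt is not secret.
sub hash_password {
    my ($password) = @_;
    my $salt = random_salt(16);
    return join '$', $ITERATIONS, unpack('H*', $salt),
        unpack('H*', pbkdf2_sha256($password, $salt, $ITERATIONS));
}

sub verify_password {
    my ($password, $stored) = @_;
    my ($iter, $salt_hex, $want) = split /\$/, $stored // '';
    return 0 unless defined $want && $iter =~ /^\d+$/;
    my $got = unpack 'H*', pbkdf2_sha256($password, pack('H*', $salt_hex), $iter);
    return 0 unless length($got) == length($want);
    my $diff = $got ^ $want;               # all NUL bytes only if equal
    return ($diff =~ tr/\0//c) ? 0 : 1;    # no early exit on first mismatch
}

sub check_login {
    my ($password, $stored) = @_;
    return 1 if verify_password($password, $stored);
    sleep 1;                 # a failed attempt costs the caller one second
    return 0;
}

# Constructed sample password; the same input yields two different records.
my ($r1, $r2) = map { hash_password('constructed-sample-pw') } 1 .. 2;
printf "records differ: %d, good login: %d, bad login: %d\n", ($r1 ne $r2 ? 1 : 0),
    check_login('constructed-sample-pw', $r1), check_login('bad_pw', $r1);
```

Because each record carries its own random salt, a hash of bad_pw computed once cannot be compared against the whole list; it has to be recomputed per record.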