comment on

I need to store passwords in a database, and obviously don't want to keep the plaintext passwords. Plaintext passwords should not be retrievable.

The canonical unix-y way to do this a long time ago was to take the plaintext password, run "crypt" on it and store it in the DB. To authenicate, you'd then take crypt and run it on the incoming password, and compare the result to what you had in the DB.

It's been awhile since I've given authentication much thought, and I'm assuming there is some new, better thing for this purpose than "crypt".

Can someone mention what the new encryption algorithm(s) is/are, for this purpose, and the perl libraries that wrap them? One requirement is "better than crypt" (which may be too low a bar to fall over after all these years). Obviously if something is far better than that's wonderful.

In reply to Storing encrypted passwords and validating by zerohero

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.