You shouldn't have a key for a password file-- the passwords should be hashed (after adding a salt to prevent dictionary attacks) and then you just store the hash. Then when you need to validate what the user entered, you just take the user input, add the salt, compute the hash, and compare. The password is never decrypted, and the hash function is one-way, so you can't back it out.
What hash function to use depends on how secure you need it to be, since some of the common ones have been "broken". If it's just against prying eyes, then almost any will work.
This isn't really a perl question so much as a basic security question.
edit: and the OP shouldn't be "sending" a password anywhere-- the user should submit one and the program compares it.
edit: doh. reading it again it sounds like you want to make a keychain store all your passwords for accessing some list of sites or something in a file and have it autofill a password fields somewhere. In that case you do need to use a 2-way function, and but then also require the user to enter a password that's used as the key to decrypt them, otherwise they're no more secure than being stored as plaintext.
In reply to Re^2: How to store a password in a file
by bitingduck
in thread How to store a password in a file
by rakshas
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |