dave_pl has asked for the wisdom of the Perl Monks concerning the following question:

Hi Monks

I need some wisdom...

Here is the thing i am using Digest::MD5 to encrypt passwords for me and it works great. I am using the users name as the 'salt' for the passwords but now in the crypted password it is using special characters such as the '/', which i get problems on checking is there any way i can stop md5_bas64 from using special character for the salt?


ps. these special characters are not included in the users name..
Thanks for the help

Replies are listed 'Best First'.
Re: md5_bas64 encryption?
by Hero Zzyzzx (Curate) on May 23, 2005 at 17:59 UTC

    Those "special characters" are the nature of Base 64 encoding, use md5_hex instead.

    From the docs:

    md5_hex($data,...)
           Same as md5(), but will return the digest in hexadecimal form. The length of the returned string
           will be 32 and it will only contain characters from this set: '0'..'9' and 'a'..'f'.

    But chances are how you're comparing the digested strings is wrong because a forward slash shouldn't break it. . . Let me guess- you're doing the comparison with DBI, but you're not using placeholders?

    -Any sufficiently advanced technology is
    indistinguishable from doubletalk.

    My Biz

[reply]
Re: md5_bas64 encryption?
by TedPride (Priest) on May 23, 2005 at 17:59 UTC
    Use md5_hex instead of md5_base64.
[reply]
Re: md5_base64 encryption?
by Tanktalus (Canon) on May 23, 2005 at 17:59 UTC

    Someone else may see things better than I do here, as I suspect that there really is enough information above to answer the question with, but I'm missing something. Some sample code, including the error condition, would help me see the issue better, I think.

[reply]
      Thanks for the replies!!
      Sorry for not including some code
      our $user = $q->param('user');
$pass = $q->param('pass');
open my $fh, "<Passwrdschar.pwd" or die $!;

while(<$fh>){
 my ($one, $two, $three, $four, $five, $six) = split /\ñ/, $_;
    

 if(my_crypt($pass, $one) eq $two){
      &main_s;
      exit;
 }else{
      print "<center><img src='wow3.png'></center><hr color=red>";
      print "<body background='Solar4.jpg'>";
      print "<u><h2><font color=red>Access denied</font></h2>.</u><br>
+<br></h2>";
      print "<input type='button' value='Back to main' onClick='window
+.history.back();'>";
 }  
 close($fh);
}

sub my_crypt{
  my ($pass, $user) = @_;
  my $salt = md5_base64($user);
  return md5_base64($salt.$pass);
}

      [download]
      how can i use md5_hex in the above example
      to compare my passwords and will this affect my
      current passwords?
      Well i am not getting an error but it just doesnt
      validate(compare) this passwords with a '/' included?

      Thanks again for the help.
[reply]
[d/l]

Back to Seekers of Perl Wisdom