in reply to Re: Crypt CBC
in thread Crypt CBC

Thanks, for the idea. encrypt_hex is working fine. Can you give me some more idea about blowfish and DES. As i have codes for that they are taking only 8bit string.

please tell which encryption scheme is good for keeping a encrypted password in a webapplication
Thanks in Advance

Replies are listed 'Best First'.
Re^3: Crypt CBC
by jettero (Monsignor) on Jul 16, 2008 at 14:04 UTC
    Normally you wouldn't use a symmetric cipher for storing passwords (since an intruder could get the key as easily as he got a shell). Normally you use a hash to store the passwords. For example, I believe the linux shadow file uses an MD5-hmac type setup (Crypt::PasswdMD5). An attacker can still get the passwords using applications like john, but it may take a long time to get them -- if your passwords are good enough, it could take a hundred million years, but most likely it'd be more like a couple minutes.

    (Your database software probably encrypts passwords one-way with a simple password() sql function.)

    ... but if you'd really like to do it in perl, I'd suggest either Digest::MD5 or Digest::SHA1 or something in that family.

    The next question you're about to ask, I imagine, is how do you un-encrypt a hash? You don't. You do something like this to compare passwords: 

    use Digest::MD5 qw(md5_hex)

my %passwd = (
  joe => ["I'maSalt", md5_hex("I'maSalt - secret")],
);

sub login {
    my ($user, $pass) = @_;
    if( my $pa = $passwd{$user} ) {
        return 1 if md5_hex("$pa->[0] - $pass") eq $pa->[1];
    }
    return 0;
}

    [download]

    -Paul

[reply]
[d/l]
Re^3: Crypt CBC
by perlsameer (Initiate) on Jul 16, 2008 at 13:55 UTC
    The above mention solution what u have told is working but its
    giving me output 70 to 90 alphabets form just 10 character
    string.... as i want to keep this output in a text file, i
    prefer output of 7 to 10 character.. please give me solution.
[reply]

In Section Seekers of Perl Wisdom