Normally you wouldn't use a symmetric cipher for storing passwords (since an intruder could get the key as easily as he got a shell). Normally you use a hash to store the passwords. For example, I believe the linux shadow file uses an MD5-hmac type setup (Crypt::PasswdMD5). An attacker can still get the passwords using applications like john, but it may take a long time to get them -- if your passwords are good enough, it could take a hundred million years, but most likely it'd be more like a couple minutes.

(Your database software probably encrypts passwords one-way with a simple password() sql function.)

... but if you'd really like to do it in perl, I'd suggest either Digest::MD5 or Digest::SHA1 or something in that family.

The next question you're about to ask, I imagine, is how do you un-encrypt a hash? You don't. You do something like this to compare passwords:

use Digest::MD5 qw(md5_hex)

my %passwd = (
  joe => ["I'maSalt", md5_hex("I'maSalt - secret")],
);

sub login {
    my ($user, $pass) = @_;
    if( my $pa = $passwd{$user} ) {
        return 1 if md5_hex("$pa->[0] - $pass") eq $pa->[1];
    }
    return 0;
}
[download]