in reply to Storing encrypted passwords and validating

A few thoughts:

  1. Search CPAN first.
  2. If you use a digest, use SHA1, not MD5.
  3. Include some random-text and some “salt” in the string that you hash.
  4. Store only the hashed string (with salt) in the database.

In Section Seekers of Perl Wisdom