FAQ
Hi,

Could you please tell me best Perl functions/modules for password encryption
and decryption?

Thanks and Regards,
Amresh

Search Discussions

  • Jeff Pang at May 6, 2011 at 12:50 pm

    2011/5/6 Amresh Sajjanshetty <amresh.sajjan@gmail.com>:
    Hi,

    Could you please tell me best Perl functions/modules for password encryption
    and decryption?
    No. there is no such thing called decryption if you want to protect
    your passwords strictly.
    Generally we crypt the user's password with md5 or similar and store
    them to a database.
    When user input their username and password from the web from to
    login, we re-encrypt the password and compare it to the database.

    The encryption function could be md5:

    use Digest::MD5 'md5_hex';
    my $crypt = md5_hex($password);

    --
    Jeff Pang
    www.DNSbed.com
  • Abhay vyas at May 6, 2011 at 1:01 pm
    Is there any perl function which can do the multiplication of values of two
    columns of Excel and then bring about the sum of final products.


    regds,
    abhay.
    On Fri, May 6, 2011 at 2:50 PM, Jeff Pang wrote:

    2011/5/6 Amresh Sajjanshetty <amresh.sajjan@gmail.com>:
    Hi,

    Could you please tell me best Perl functions/modules for password
    encryption
    and decryption?
    No. there is no such thing called decryption if you want to protect
    your passwords strictly.
    Generally we crypt the user's password with md5 or similar and store
    them to a database.
    When user input their username and password from the web from to
    login, we re-encrypt the password and compare it to the database.

    The encryption function could be md5:

    use Digest::MD5 'md5_hex';
    my $crypt = md5_hex($password);

    --
    Jeff Pang
    www.DNSbed.com <http://www.dnsbed.com/>

    --
    To unsubscribe, e-mail: beginners-unsubscribe@perl.org
    For additional commands, e-mail: beginners-help@perl.org
    http://learn.perl.org/

  • Jeff Pang at May 6, 2011 at 1:06 pm

    2011/5/6 abhay vyas <abhaymvyas@gmail.com>:
    Is there any  perl function which can do the multiplication of values of two
    columns of Excel and then bring about the sum of final products.
    May this module help you?
    http://search.cpan.org/~jmcnamara/Spreadsheet-ParseExcel-0.59/lib/Spreadsheet/ParseExcel.pm


    --
    Jeff Pang
    www.DNSbed.com
  • Brandon McCaig at May 7, 2011 at 1:07 am

    On Fri, May 6, 2011 at 8:50 AM, Jeff Pang wrote:
    No. there is no such thing called decryption if you want to protect
    your passwords strictly. Agreed.
    Generally we crypt the user's password with md5 or similar and
    store them to a database. When user input their username and
    password from the web from to login, we re-encrypt the
    password and compare it to the database.
    Basically, yes. You use some kind of one-way hashing function
    (i.e., something that can't practically be reversed) and store
    the result of that. Later when the user enters their password you
    hash what they entered and compare it to the stored hash. Often
    you also generate a user-specific "salt", which you combine with
    the password in some standard way prior to hashing so that the
    same passwords will appear different in the database for
    different users (for a slight bit of extra security).
    The encryption function could be md5:
    AFAIK, MD5 is no longer considered secure so you should probably
    use something better for optimal results. I'm not sure what you
    should use, but I'm sure if you ask the Web you will find plenty
    of advice.

    From Wikipedia[1]:
    US-CERT of the U. S. Department of Homeland Security said MD5
    "should be considered cryptographically broken and unsuitable
    for further use," and most U.S. government applications now
    require the SHA-2 family of hash functions.
    [1] http://en.wikipedia.org/wiki/MD5


    --
    Brandon McCaig <http://www.bamccaig.com/> <bamccaig@gmail.com>
    V zrna gur orfg jvgu jung V fnl. Vg qbrfa'g nyjnlf fbhaq gung jnl.
    Castopulence Software <http://www.castopulence.org/> <bamccaig@castopulence.org>
  • Shlomi Fish at May 7, 2011 at 6:03 am

    On Saturday 07 May 2011 04:06:47 Brandon McCaig wrote:
    On Fri, May 6, 2011 at 8:50 AM, Jeff Pang wrote:
    No. there is no such thing called decryption if you want to protect
    your passwords strictly. Agreed.
    Generally we crypt the user's password with md5 or similar and
    store them to a database. When user input their username and
    password from the web from to login, we re-encrypt the
    password and compare it to the database.
    Basically, yes. You use some kind of one-way hashing function
    (i.e., something that can't practically be reversed) and store
    the result of that. Later when the user enters their password you
    hash what they entered and compare it to the stored hash. Often
    you also generate a user-specific "salt", which you combine with
    the password in some standard way prior to hashing so that the
    same passwords will appear different in the database for
    different users (for a slight bit of extra security).
    The encryption function could be md5:
    AFAIK, MD5 is no longer considered secure so you should probably
    use something better for optimal results. I'm not sure what you
    should use, but I'm sure if you ask the Web you will find plenty
    of advice.

    From Wikipedia[1]:
    US-CERT of the U. S. Department of Homeland Security said MD5
    "should be considered cryptographically broken and unsuitable
    for further use," and most U.S. government applications now
    require the SHA-2 family of hash functions.
    [1] http://en.wikipedia.org/wiki/MD5
    For best results, one should also use a salted hash:

    http://search.cpan.org/dist/Crypt-SaltedHash/

    There's also a new concept called "stretching" which aims to be even better
    than that. I should note that you should be very careful when writinig
    cryptography/cryptology code, because it may end up being very insecure if
    you're doing something wrong. Maybe try getting an expert opinion on some
    channels on http://freenode.net/ such as ##crypto or ##security so they can
    verify your algorithmic code is sane. Most people here, including me, are not
    crypto and security experts.

    Regards,

    Shlomi Fish

    --
    -----------------------------------------------------------------
    Shlomi Fish http://www.shlomifish.org/
    Interview with Ben Collins-Sussman - http://shlom.in/sussman

    <rindolf> I am not solvable. I am Turing hard.

    Please reply to list if it's a mailing list post - http://shlom.in/reply .

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupbeginners @
categoriesperl
postedMay 6, '11 at 12:38p
activeMay 7, '11 at 6:03a
posts6
users5
websiteperl.org

People

Translate

site design / logo © 2021 Grokbase