--- scott lutz <[EMAIL PROTECTED]> wrote:
> I am wondering if anyone has any experience with the Rot13.pm?
> I am looking for a module to encrypt the log-in password from a form, and am
> unfamiliar with all of the modules on CPAN, and so am looking for some
> feedback.
All Rot13 does is 'rotate' your characters by 13 letters in the alphabet. It's a simple substitution cipher.
Once the login password is submitted from a form (over a secure server, one hopes), what you should do is encrypt it with a one-way hash and compare that value to what is in the database.
The following program is *incomplete*!!! It just shows how to encrypt the password:
#!/usr/bin/perl -w
use strict;
use Digest::MD5 qw(md5_base64);

# Secret value mixed into the hash; keep it constant once passwords are stored.
my $rand = 'yed*73=1/+#@%d';
# The password as submitted from the form.
my $pass = 'secret';

# md5_base64 joins its arguments, so this hashes $rand followed by $pass.
my @data = ($rand, $pass);
my $encrypted_pass = md5_base64( @data );
print "$encrypted_pass\n";
That should set $encrypted_pass to "XDq+aqniyiWLTcwMMAV7qg" (without the quotes).
The idea is simple: when someone has a username/password combination created, you hash the password and save the hash in the database. If someone gets access to the database, they won't see plaintext passwords. Of course, $rand should be VERY random and should not change.
Subsequent logins regenerate the hash and compare that value to what is in the database.
If the user loses their password, you won't be able to give it to them. You'll need to recreate it.
For added security, use Digest::SHA1 instead. It's a little slower, but more secure.
Cheers,
Curtis Poe
=====
Senior Programmer
Onsite! Technology (http://www.onsitetech.com/)
"Ovid" on http://www.perlmonks.org/
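Taking the scheme from the message above through a full round trip, as an added example that is not part of Curtis's post: account creation stores only the hash, every login recomputes the hash and compares it with the stored value, and a lost password is replaced rather than recovered. It assumes the core module Digest::SHA (its sha1_base64 takes a list of arguments just as md5_base64 does), reuses the placeholder $rand from the post, and uses a plain Perl hash (%db) as a stand-in for the database table; the username and passwords are constructed for the demo. The final block shows why $rand must never change once hashes have been stored.

```perl
#!/usr/bin/perl -w
use strict;
use Digest::SHA qw(sha1_base64);   # core module; sha1_base64 joins its arguments like md5_base64

# Site-wide secret mixed into every hash. Fixed when the site is set up and never
# changed afterwards: the last block below shows what a change does to stored hashes.
our $rand = 'yed*73=1/+#@%d';      # same placeholder as the post; generate your own

# Constructed stand-in for the users table: username => stored hash. No plaintext here.
my %db;

# Account creation: hash once, store only the hash.
sub create_account {
    my ($user, $pass) = @_;
    $db{$user} = sha1_base64($rand, $pass);
    return $db{$user};
}

# Login: recompute the hash from the submitted password and compare it with the
# stored one. Nothing is decrypted; only the yes/no result leaves this function.
sub check_login {
    my ($user, $pass) = @_;
    return 0 unless exists $db{$user};
    return sha1_base64($rand, $pass) eq $db{$user} ? 1 : 0;
}

# Lost password: the hash cannot be turned back into the password, so the only
# option is to set a new one and overwrite the stored hash.
sub reset_password {
    my ($user, $new_pass) = @_;
    return create_account($user, $new_pass);
}

create_account('scott', 'secret');
printf "stored hash for scott:    %s\n", $db{scott};
printf "login with 'secret':      %s\n", check_login('scott', 'secret')  ? 'ok' : 'denied';
printf "login with 'Secret':      %s\n", check_login('scott', 'Secret')  ? 'ok' : 'denied';
printf "login as unknown user:    %s\n", check_login('nobody', 'secret') ? 'ok' : 'denied';

reset_password('scott', 'new-secret');
printf "old password after reset: %s\n", check_login('scott', 'secret')     ? 'ok' : 'denied';
printf "new password after reset: %s\n", check_login('scott', 'new-secret') ? 'ok' : 'denied';

# Changing $rand silently invalidates every hash already in the database:
# the same correct password no longer matches.
{
    local $rand = 'some-other-value';
    printf "same password, new \$rand: %s\n", check_login('scott', 'new-secret') ? 'ok' : 'denied';
}
```

The compare is done on the recomputed hash, never on a decrypted password, which is the whole point of a one-way hash: the database holds values that let you verify a login but not reproduce the password that created them.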