On Wed, Jun 27, 2001 at 08:49:55AM -0700, James Kelty wrote:
> Can anyone point out a good book that details the functionality of perl
> and crypt()? I would like to have a cgi page that allows new member to
> sign up, hold the info in  a flat file, but I would like to have the
> passwords encrypted. Any help would be much appreciated! Thanks alot!


I normally use Digest::MD5 for this kind of thing.  The module, like most
others, is available from CPAN.

#!/usr/bin/perl -w

use Digest::MD5 qw(md5_hex);
use strict;

my $secret_password="foobarqux";
my $digest=md5_hex($secret_password);

This is not really encryption as it's a one-way function.  You can't reverse
the procedure to find the password from the digest so to authorise your users
you will need to perform the digest function on the password they've supplied
and compare it with the stored string.

Be wary of passing passwords over http as they can be sniffed, https would be 
preferred.

There's probably better ways of authenticating users.  I would be glad to learn
them from any of the real programmers on the list. :)

Regards.

EbGb.

Reply via email to