JupiterHost.Net wrote:
Hello list,
Hello,
I'm working on a script that manages passwords in a database.
Does anyone see any benefits/downfalls [in]securities of using crypt()
vs. an MD5 sum via Digest::MD5?
Like so:
if(crypt($mypass, $crypted_original_pass) eq $crypted_original_pass) {
...
vs.
use Digest::MD5 qw(md5_hex);
...
if(md5_hex($mypass) eq $md5_hex_of_original_pass) {
...
If you use short/easy to guess passwords, such as words found in a
dictionary,
then the hash you use is irrelevant. If you use good, hard to guess passwords
then longer/more secure hashes provide more security but are slower. Probably
the least you should use is MD5 but don't confuse a good hash algorithm for
good security. :-)
John
--
use Perl;
program
fulfillment
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>
