Encrypting long passwords

T

TheDeerHunter

There is a known limitation in the Perl 'crypt' function - the result
of
a call to crypt is sensitive only to the first eight characters of the
encrypted string.

E.g., the two following calls will both result in: '<b>san3ikkE.ivL2'</
b>:

crypt ('wordword', 'salt');
crypt ('wordwordword', 'salt');

Can someone recommend a Perl module that would be useful
to implement encryption of long passwords, in such way that
the result of the two calls above would differ?

Strength similar to that of crypt or better is OK.
 
J

Josef Moellers

TheDeerHunter said:
There is a known limitation in the Perl 'crypt' function - the result
of
a call to crypt is sensitive only to the first eight characters of the
encrypted string.

E.g., the two following calls will both result in: '<b>san3ikkE.ivL2'</
b>:

crypt ('wordword', 'salt');
crypt ('wordwordword', 'salt');

Can someone recommend a Perl module that would be useful
to implement encryption of long passwords, in such way that
the result of the two calls above would differ?

Strength similar to that of crypt or better is OK.
Click to expand...

Look Ma, I can use google: "perl encrypt password"
First hit contains "Crypt::passwdMD5", go to CPAn, find Crypt-PasswdMD5-1.3
 
T

TheDeerHunter

Look Ma, I can use google: "perl encrypt password"
First hit contains "Crypt::passwdMD5", go to CPAn, find Crypt-PasswdMD5-1.3
Click to expand...

Jozef, thanks for the tip.
I can google too - actually did it quite a lot before posting.

I did looking at Crypt-PasswdMD5-1.3 on
http://search.cpan.org/dist/Crypt-PasswdMD5-1.3/PasswdMD5.pm

Didn't see there anything about length, folding passwords etc. - so
the only
way to know is to try it.

And then .. I thought .. wait Ma - maybe there is a guy out there who
knows?
And then I posted my question.
 
T

TheDeerHunter

Now I actually tried it - and I do see that Crypt::passwdMD5 does the
job and creates encrypted strings that are sensitive to length of
input string greated than 8.

Again, thanks for the tip.
 
J

Josef Moellers

TheDeerHunter said:
Now I actually tried it - and I do see that Crypt::passwdMD5 does the
job and creates encrypted strings that are sensitive to length of
input string greated than 8.

Again, thanks for the tip.
Click to expand...

You're welcome. Sorry if my response was a little too rough. I tend to
get carried away, lately. Need to adjust my medication ;-)

Josef
 
B

bytebro

Look Ma, I can use google: "perl encrypt password"
First hit contains "Crypt::passwdMD5", go to CPAn, find Crypt-PasswdMD5-1.3
Click to expand...

Strictly speaking, that will not 'encrypt' the password/phrase, it
will hash it. A hash is one-way, whereas encryption is reversible.

BTW, if a hash is what the OP needs, MD5 is pretty much considered
'broken' these days; most crypto-dudes are recommending SHA2 for new
stuff. For reversible encryption, it's AES. There are modules on
CPAN for each.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

encrypting querystring 4
encrypting filename to be eligible new filename 0
'Needless flexibilities' and structured records [very long] 10
En/Decrypt Mismatch: Command-Line Tool vs. Crypt::OpenSSL::RSA 1
Beginner's Guide to getting CipherSweet working with PDO and MYSQL 1
encrypt with perl, decrypt with ruby, 3 days and counting... 2
Password authentication systems 13
a password encryption question. 13

Members online

No members online now.
Total: 34 (members: 0, guests: 34)
Robots: 456

Forum statistics

Threads
473,768
Messages
2,569,574
Members
45,048
Latest member
verona

Latest Threads

Top