Encrypting long passwords

Discussion in 'Perl Misc' started by TheDeerHunter, Mar 26, 2007.

  1. There is a known limitation in the Perl 'crypt' function - the result
    of a call to crypt is sensitive only to the first eight characters of the
    encrypted string.

    E.g., the two following calls will both result in: 'san3ikkE.ivL2':

    crypt ('wordword', 'salt');
    crypt ('wordwordword', 'salt');

    Can someone recommend a Perl module that would be useful
    to implement encryption of long passwords, in such way that
    the result of the two calls above would differ?

    Strength similar to that of crypt or better is OK.
    TheDeerHunter, Mar 26, 2007
    #1

  2. TheDeerHunter wrote:
    > There is a known limitation in the Perl 'crypt' function - the result
    > of a call to crypt is sensitive only to the first eight characters of the
    > encrypted string.
    >
    > E.g., the two following calls will both result in: 'san3ikkE.ivL2':
    >
    > crypt ('wordword', 'salt');
    > crypt ('wordwordword', 'salt');
    >
    > Can someone recommend a Perl module that would be useful
    > to implement encryption of long passwords, in such way that
    > the result of the two calls above would differ?
    >
    > Strength similar to that of crypt or better is OK.
    >


    Look Ma, I can use google: "perl encrypt password"
    First hit contains "Crypt::passwdMD5", go to CPAN, find Crypt-PasswdMD5-1.3

    --
    These are my personal views and not those of Fujitsu Siemens Computers!
    Josef Möllers (Pinguinpfleger bei FSC)
    If failure had no penalty success would not be a prize
    -- T. Pratchett
    Josef Moellers, Mar 26, 2007
    #2

  3. On 26 Mar, 12:59, Josef Moellers <>
    wrote:
    > Look Ma, I can use google: "perl encrypt password"
    > First hit contains "Crypt::passwdMD5", go to CPAN, find Crypt-PasswdMD5-1.3


    Josef, thanks for the tip.
    I can google too - actually did it quite a lot before posting.

    I did look at Crypt-PasswdMD5-1.3 on
    http://search.cpan.org/dist/Crypt-PasswdMD5-1.3/PasswdMD5.pm

    Didn't see there anything about length, folding passwords etc. - so
    the only way to know is to try it.

    And then .. I thought .. wait Ma - maybe there is a guy out there who
    knows?
    And then I posted my question.
    TheDeerHunter, Mar 26, 2007
    #3
  4. Now I actually tried it - and I do see that Crypt::passwdMD5 does the
    job and creates encrypted strings that are sensitive to length of
    input string greater than 8.

    Again, thanks for the tip.
    TheDeerHunter, Mar 26, 2007
    #4
  5. TheDeerHunter wrote:
    > Now I actually tried it - and I do see that Crypt::passwdMD5 does the
    > job and creates encrypted strings that are sensitive to length of
    > input string greater than 8.
    >
    > Again, thanks for the tip.
    >


    You're welcome. Sorry if my response was a little too rough. I tend to
    get carried away, lately. Need to adjust my medication ;-)

    Josef
    --
    These are my personal views and not those of Fujitsu Siemens Computers!
    Josef Möllers (Pinguinpfleger bei FSC)
    If failure had no penalty success would not be a prize
    -- T. Pratchett
    Josef Moellers, Mar 26, 2007
    #5
  6. On 26 Mar, 12:59, Josef Moellers <>
    wrote:
    > TheDeerHunter wrote:
    > > There is a known limitation in the Perl 'crypt' function - the result
    > > of
    > > a call to crypt is sensitive only to the first eight characters of the
    > > encrypted string.
    > > Can someone recommend a Perl module that would be useful
    > > to implement encryption of long passwords, in such way that
    > > the result of the two calls above would differ?
    > >
    > > Strength similar to that of crypt or better is OK.
    >
    > Look Ma, I can use google: "perl encrypt password"
    > First hit contains "Crypt::passwdMD5", go to CPAN, find Crypt-PasswdMD5-1.3


    Strictly speaking, that will not 'encrypt' the password/phrase, it
    will hash it. A hash is one-way, whereas encryption is reversible.

    BTW, if a hash is what the OP needs, MD5 is pretty much considered
    'broken' these days; most crypto-dudes are recommending SHA2 for new
    stuff. For reversible encryption, it's AES. There are modules on
    CPAN for each.
    bytebro, Mar 26, 2007
    #6
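
An added example, not part of any post in this thread: a Perl check that classifies each scheme offered by the system crypt(3) as truncating or length-sensitive, and shows what truncation means at login time. It assumes a glibc-style crypt(3) that accepts the `$1$` (MD5-crypt, the format Crypt::PasswdMD5 produces) and `$6$` (SHA-512-crypt) salt prefixes; the function names and the test passwords are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed test passwords: identical in the first 8 characters only.
my ($short, $long) = ('wordword', 'wordwordword');

# [ label, salt passed to crypt, prefix a genuine result must start with ]
# The $1$ and $6$ prefixes are an assumption about the platform's crypt(3).
my @schemes = (
    [ 'DES (traditional)', 'salt',                 'sa'  ],
    [ 'MD5-crypt',         '$1$saltsalt$',         '$1$' ],
    [ 'SHA-512-crypt',     '$6$saltsaltsaltsalt$', '$6$' ],
);

# Returns 'unsupported', 'truncates' or 'length-sensitive' for one scheme.
sub classify_scheme {
    my ($salt, $prefix) = @_;
    my @hashes = map { crypt($_, $salt) } ($short, $long);
    for my $h (@hashes) {
        # undef, an error token, or a silent fallback to another scheme
        return 'unsupported'
            if !defined $h || length($h) < 13 || index($h, $prefix) != 0;
    }
    return $hashes[0] eq $hashes[1] ? 'truncates' : 'length-sensitive';
}

# Verification re-hashes the candidate using the stored hash as the salt.
sub check_password {
    my ($candidate, $stored) = @_;
    my $h = crypt($candidate, $stored);
    return (defined $h && $h eq $stored) ? 1 : 0;
}

for my $s (@schemes) {
    my ($label, $salt, $prefix) = @$s;
    my $verdict = classify_scheme($salt, $prefix);
    printf "%-18s %s\n", $label, $verdict;
    next if $verdict eq 'unsupported';

    # Consequence of truncation: the hash stored for the long password
    # also accepts the short one that shares its first 8 characters.
    my $stored = crypt($long, $salt);
    printf "  short password accepted for long one: %s\n",
        check_password($short, $stored) ? 'yes' : 'no';
}
```

A scheme reported as 'truncates' gives a 12-character password no more protection than its first eight characters, which is the reason to store hashes in a length-sensitive format.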