--0015174485fc44056d04a29ac3d0
Content-Type: text/plain; charset=ISO-8859-1
Hi,
Could you please tell me best Perl functions/modules for password encryption
and decryption?
Thanks and Regards,
Amresh
--0015174485fc44056d04a29ac3d0--
2011/5/6 Amresh Sajjanshetty
> Hi,
>
> Could you please tell me best Perl functions/modules for password encryption
> and decryption?
>
No. there is no such thing called decryption if you want to protect
your passwords strictly.
Generally we crypt the user's password with md5 or similar and store
them to a database.
When user input their username and password from the web from to
login, we re-encrypt the password and compare it to the database.
The encryption function could be md5:
use Digest::MD5 'md5_hex';
my $crypt = md5_hex($password);
--
Jeff Pang
www.DNSbed.com
--
To unsubscribe, e-mail: beginners-unsubscribe@perl.org
For additional commands, e-mail: beginners-help@perl.org
http://learn.perl.org/
--0016e6dd97e16e9a7804a29b1465
Content-Type: text/plain; charset=ISO-8859-1
Is there any perl function which can do the multiplication of values of two
columns of Excel and then bring about the sum of final products.
regds,
abhay.
On Fri, May 6, 2011 at 2:50 PM, Jeff Pang
> 2011/5/6 Amresh Sajjanshetty
> > Hi,
> >
> > Could you please tell me best Perl functions/modules for password
> encryption
> > and decryption?
> >
>
> No. there is no such thing called decryption if you want to protect
> your passwords strictly.
> Generally we crypt the user's password with md5 or similar and store
> them to a database.
> When user input their username and password from the web from to
> login, we re-encrypt the password and compare it to the database.
>
> The encryption function could be md5:
>
> use Digest::MD5 'md5_hex';
> my $crypt = md5_hex($password);
>
> --
> Jeff Pang
> www.DNSbed.com
>
> --
> To unsubscribe, e-mail: beginners-unsubscribe@perl.org
> For additional commands, e-mail: beginners-help@perl.org
> http://learn.perl.org/
>
>
>
--0016e6dd97e16e9a7804a29b1465--
2011/5/6 abhay vyas
> Is there any perl function which can do the multiplication of value=
s of two
> columns of Excel and then bring about the sum of final products.
>
May this module help you?
http://search.cpan.org/~jmcnamara/Spreadsheet-ParseExcel-0.5 9/lib/Spreadshe=
et/ParseExcel.pm
--=20
Jeff Pang
www.DNSbed.com
--
To unsubscribe, e-mail: beginners-unsubscribe@perl.org
For additional commands, e-mail: beginners-help@perl.org
http://learn.perl.org/
On Fri, May 6, 2011 at 8:50 AM, Jeff Pang
> No. there is no such thing called decryption if you want to protect
> your passwords strictly.
Agreed.
> Generally we crypt the user's password with md5 or similar and
> store them to a database. When user input their username and
> password from the web from to login, we re-encrypt the
> password and compare it to the database.
Basically, yes. You use some kind of one-way hashing function
(i.e., something that can't practically be reversed) and store
the result of that. Later when the user enters their password you
hash what they entered and compare it to the stored hash. Often
you also generate a user-specific "salt", which you combine with
the password in some standard way prior to hashing so that the
same passwords will appear different in the database for
different users (for a slight bit of extra security).
> The encryption function could be md5:
AFAIK, MD5 is no longer considered secure so you should probably
use something better for optimal results. I'm not sure what you
should use, but I'm sure if you ask the Web you will find plenty
of advice.
From Wikipedia[1]:
> US-CERT of the U. S. Department of Homeland Security said MD5
> "should be considered cryptographically broken and unsuitable
> for further use," and most U.S. government applications now
> require the SHA-2 family of hash functions.
[1] http://en.wikipedia.org/wiki/MD5
--
Brandon McCaig
V zrna gur orfg jvgu jung V fnl. Vg qbrfa'g nyjnlf fbhaq gung jnl.
Castopulence Software
--
To unsubscribe, e-mail: beginners-unsubscribe@perl.org
For additional commands, e-mail: beginners-help@perl.org
http://learn.perl.org/
On Saturday 07 May 2011 04:06:47 Brandon McCaig wrote:
> On Fri, May 6, 2011 at 8:50 AM, Jeff Pang
> > No. there is no such thing called decryption if you want to protect
> > your passwords strictly.
>
> Agreed.
>
> > Generally we crypt the user's password with md5 or similar and
> > store them to a database. When user input their username and
> > password from the web from to login, we re-encrypt the
> > password and compare it to the database.
>
> Basically, yes. You use some kind of one-way hashing function
> (i.e., something that can't practically be reversed) and store
> the result of that. Later when the user enters their password you
> hash what they entered and compare it to the stored hash. Often
> you also generate a user-specific "salt", which you combine with
> the password in some standard way prior to hashing so that the
> same passwords will appear different in the database for
> different users (for a slight bit of extra security).
>
> > The encryption function could be md5:
> AFAIK, MD5 is no longer considered secure so you should probably
> use something better for optimal results. I'm not sure what you
> should use, but I'm sure if you ask the Web you will find plenty
> of advice.
>
> From Wikipedia[1]:
> > US-CERT of the U. S. Department of Homeland Security said MD5
> > "should be considered cryptographically broken and unsuitable
> > for further use," and most U.S. government applications now
> > require the SHA-2 family of hash functions.
>
> [1] http://en.wikipedia.org/wiki/MD5
>
For best results, one should also use a salted hash:
http://search.cpan.org/dist/Crypt-SaltedHash/
There's also a new concept called "stretching" which aims to be even better
than that. I should note that you should be very careful when writinig
cryptography/cryptology code, because it may end up being very insecure if
you're doing something wrong. Maybe try getting an expert opinion on some
channels on http://freenode.net/ such as ##crypto or ##security so they can
verify your algorithmic code is sane. Most people here, including me, are not
crypto and security experts.
Regards,
Shlomi Fish
--
------------------------------------------------------------ -----
Shlomi Fish http://www.shlomifish.org/
Interview with Ben Collins-Sussman - http://shlom.in/sussman
Please reply to list if it's a mailing list post - http://shlom.in/reply .
--
To unsubscribe, e-mail: beginners-unsubscribe@perl.org
For additional commands, e-mail: beginners-help@perl.org
http://learn.perl.org/