-----Original Message----- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >Sent: Thursday, June 22, 2006 10:40 AM >I don't need to generate or check passwords, just encode, store, retrieve, and decode. Does >anyone know of a perl module for this? Are there docs or links avail that describe how this is >normally done?
anyone with a basic understanding of cryptography (like me!) will tell you that this is not the way it's supposed to work. You should not be "decrypting" stored values. If you can do it that means someone else can too! Were you to lose you "encrypted" passwords all they would need is your key. Typically you have a one-way function which, just as it sounds, will encrypt something to the point where there is little likelihood of anyone who has the encrypted value and getting the plaintext value back, including you. The way you should check passwords is then pass them through the 1 way function and compare the encrypted value, to the stored encrypted value. However, you say you're not comparing them, so perhaps this is out of your control. Typically to have the ability to encrypt and decrypt you need to have a key. Since you won't need to pass your key around you won't need a public key/private key system. Honestly if you just need light obfuscation to prevent a normal user from reading plaintext passwords, you could just use the binary function XOR on your data with a set value and then XOR them back. I think in perl it would be the caret (^) operator for XOR you'd have to verify that. Just make sure the value is as long as your password. Otherwise I'm sure there are plenty of cryptography modules for you on ppm or cpan if you look. However, these might be overboard for your uses. -Wayne Simmons -- CAM Automation Programmer Unicircuit Inc. Littleton, Colorado 303-738-5390 -- Warning Corporate Disclaimer to follow this line. -- This electronic mail transmission and any attachments contain information belonging to the sender which may be confidential, privileged and exempt from disclosure under applicable law. This information is intended only for the use of the individual or entity to whom this electronic mail transmission is addressed. If you are not the intended recipient or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any disclosure, copying, distribution, or action taken or not taken in reliance on the contents of the information contained in this transmission is strictly prohibited. If you have received this transmission in error, please immediately inform me by "reply" e-mail and delete the message in its entirety. Thank you. Unicircuit, Inc. _______________________________________________ ActivePerl mailing list [email protected] To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
