Regarding storing the key: I have username/passwords in a database which dosn't offer a encryption function, so I encrypt the password using perl, but the key is stored in a text file, so if anybody get access to the server they would be able to retrieve all the passwords. (btw i'm running windows) Any suggestions on how to do this better ?
-----Oprindelig meddelelse----- Fra: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] På vegne af Don Quigley Sendt: 23. juni 2006 01:45 Til: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Emne: Re: Module to encrypt/store/retrieve/decrypt passwords When I'm not too awfully concerned about security I usually just do something like this. It's pretty much only protection against shoulder surfing when you're editing config files and you should use a different array of numbers for each of the passwords you have. There's some perl modules you can use for real encryption but since you have to store the key in your program that doesn't provide a whole lot of extra protection (unless you've got some cool crypto hardware installed on your system so you don't need to store the password -- no? Yeah, me neither,) but could be worth it if you've got a decent number of passwords to protect. You can look at Crypt::Rijndael and Crypt::CBC. If don't feel like compiling anything you can use Crypt::Rijndael_PP which is pretty cool since it's a pure perl implementation of Rijndael while at the same time being pretty slow (who would've guessed that Perl's not real optimized for heavy duty number crunching?). my @pad = (some large array of numbers); my @b = unpack("C*",$password); my $i = 0; my @c; foreach my $letterval (@b) { $letterval = $letterval + $pad[$i]; $c[$i] = $letterval; $i++; } my $obfuscated_password = join " ",@c; and then to "decrypt" it: my @c = split(/\s+/,$_); my @d; foreach $padval (@c) { $padval = $padval - $pad[$i]; $d[$i] = $padval; $i++; } $password = pack("C*",@d); [EMAIL PROTECTED] wrote: > Hi List, > > > > I have a perl ftp client that I am changing to sftp. I was storing > passwords in an unencrypted text file since security was not an issue. > Now I need a means of obfuscating the pwd. > Surely there is a handy perl module (for Win32) that will do this > easily. I don't need to generate or check passwords, just encode, > store, retrieve, and decode. Does anyone know of a perl module for > this? Are there docs or links avail that describe how this is normally > done? Thanks... > > > > Best regards, > > Sturdy > > > > > >----------------------------------------------------------------------- >- > >_______________________________________________ >ActivePerl mailing list >[email protected] >To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs > _______________________________________________ ActivePerl mailing list [email protected] To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs ------- [Denne E-mail blev scannet for virus af Declude Virus] [This E-mail was scanned for viruses by Declude Virus] _______________________________________________ ActivePerl mailing list [email protected] To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
