Encrypt or not?



Jeffro_Tull
Novice

Feb 10, 2002, 7:42 AM


Encrypt or not?

I run a website which uses usernames/passwords to be able to get to the members areas. Right now, when a new user signs up, they fill in a form and all their information is saved to a straight text file in a protected directory. I am about to create a page so that a user may retrieve a lost password.

I have been reading some of the posts in this thread and most everyone is using some sort of password encryption. I am not and was wondering what the consequences are. Keep in mind that the text files are in a protected directory. The reason I avoided the password encryption was because I wanted to be able to automate the lost password retrieval and did not know how to decrypt the encrypted passwords.

Any suggestions?


PerlKid
stranger

Feb 13, 2002, 2:09 PM


Re: [Jeffro_Tull] Encrypt or not?

Unless you are using a custom encryption algorithm, it is pretty much impossible to decrypt anything encrypted with the standard unix crypt() function. What I suggest doing is to go ahead and encrypt the password. When a user loses his/her password, you can reset it to a temporary random string and send it to the user via email. Once the user is logged in, they may change it to whatever they want.

(also pm'd you this message by accident...)
--Philip
FuzzyLogic at PerlMad dot com

(This post was edited by PerlKid on Feb 25, 2002, 11:20 PM)


yapp
User

Feb 23, 2002, 2:16 AM


Re: [PerlKid] Encrypt or not?

Yep. Here are even some more details (using a sample console program)

[perl]
print "Please enter your password: ";
chomp(my $password = <STDIN>); # Enter a password

my $crypted = crypt($password, 'rx'); # rx is just a random key (the salt).
print "crypted password: $crypted\n";

## Now, append this code to see a password check in action:

print "\nNow, let's check passwords\nPlease enter your password: ";
chomp(my $entered = <STDIN>);

# crypt() reads the salt from the start of $crypted, so the same salt is reused.
if (crypt($entered, $crypted) eq $crypted) {
    print "Password is OK\n";
}
else {
    print "Wrong password!\n";
}
[/perl]

Does this forum only accept one perl code tag?? I couldn't split these two?

Yet Another Perl Programmer

_________________________________
~~> [url=http://www.codingdomain.com]www.codingdomain.com[/url] <~~
More than 3500 X-Forum [url=http://www.codingdomain.com/cgi-perl/downloads/x-forum]Downloads[/url]!

(This post was edited by yapp on Feb 23, 2002, 2:19 AM)
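
The reset-instead-of-retrieve flow suggested in this thread, combined with the crypt() check shown above, as an added example that is not part of any post here. It assumes a Unix-like host with /dev/urandom and a crypt(3) that accepts the `$6$` (SHA-512) salt prefix; the sub names and the sample user are hypothetical.

```perl
use strict;
use warnings;

# The 64 characters valid in a crypt() salt; a random byte & 63 indexes them evenly.
my @SALT_CHARS = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');

# Return $n characters drawn from the kernel CSPRNG (assumes /dev/urandom exists).
sub random_chars {
    my ($n) = @_;
    open(my $fh, '<:raw', '/dev/urandom') or die "Cannot open /dev/urandom: $!";
    my $got = read($fh, my $bytes, $n);
    close($fh);
    die "Short read from /dev/urandom" unless defined $got && $got == $n;
    return join '', map { $SALT_CHARS[ord($_) & 63] } split //, $bytes;
}

# Hash a password with a fresh per-user salt.
# Assumption: the system crypt(3) understands the "$6$" prefix, as glibc does.
sub hash_password {
    my ($password) = @_;
    my $hash = crypt($password, '$6$' . random_chars(16) . '$');
    die "crypt() lacks \$6\$ support here" unless defined $hash && $hash =~ /^\$6\$/;
    return $hash;
}

# Re-hash the candidate using the stored hash as the salt, then compare.
sub check_password {
    my ($entered, $stored) = @_;
    my $candidate = crypt($entered, $stored);
    return defined $candidate && $candidate eq $stored;
}

# Lost-password flow: overwrite the stored hash and hand back the temporary
# password for the caller to e-mail. The old password is never recovered.
sub reset_password {
    my ($users, $name) = @_;    # $users: hashref of name => stored hash
    return unless exists $users->{$name};
    my $temp = random_chars(12);
    $users->{$name} = hash_password($temp);
    return $temp;
}

# Constructed sample data standing in for the members file.
my %users = (jeffro => hash_password('original secret'));
my $temp  = reset_password(\%users, 'jeffro');
print "stored: $users{jeffro}\n";
print "temp password works: ", (check_password($temp, $users{jeffro}) ? "yes" : "no"), "\n";
print "old password works:  ", (check_password('original secret', $users{jeffro}) ? "yes" : "no"), "\n";
```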