
Perl Server Side CGI Scripting Forum

    
How to encrypt/decrypt passwords using MySQL & Perl
navdeeptalwar

10+ Year Member



 
Msg#: 3128 posted 8:29 am on Jul 14, 2003 (gmt 0)

I had saved the passwords which the user had entered on registration in MySQL using the password() function of MySQL. But I am not able to compare it when the user tries to log on.
Are there any other methods of encrypting and decrypting values at server side?

 

Robber

10+ Year Member



 
Msg#: 3128 posted 9:47 am on Jul 14, 2003 (gmt 0)

Hi and welcome to WW,

Rather than encrypting and decrypting you probably just want to store the encrypted version. When someone logs on, encrypt their password using the same function and compare the encrypted string to the one you have in your DB.

Cheers

hakre

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3128 posted 9:49 am on Jul 14, 2003 (gmt 0)

hi navdeeptalwar, welcome to webmasterworld [webmasterworld.com].

it's always a good thing to take a look in the manual first:
PASSWORD() encryption is non-reversible. PASSWORD() does not perform password encryption in the same way that Unix passwords are encrypted. See ENCRYPT(). Note: The PASSWORD() function is used by the authentication system in MySQL Server, you should NOT use it in your own applications. For that purpose, use MD5() or SHA1() instead. Also see RFC-2195 for more information about handling passwords and authentication securely in your application.

nevertheless i found an example [weberdev.weberdev.com] of someone who is using this function for password verification.

- hakre.

DrDoc

WebmasterWorld Senior Member drdoc is a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3128 posted 6:50 am on Jul 19, 2003 (gmt 0)

Welcome to Webmaster World!

To be frank - you do not want to decrypt a password. Even if you had a working solution, it would greatly harm your security.

Instead, follow Robber's suggestion.

The crypt function would work really well. The following solution uses the first two letters of the password as salt. Finally, it only returns the last 11 characters (since the first two are the salt as plain text):

$cryptpwd = substr(crypt($pwd,substr($pwd,0,2)),2);

Now, store this value in your database. When someone logs in, simply encrypt the password the same way and compare it to the database value.
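
Added example, not code from any poster in this thread: the store-and-compare login check that Robber and DrDoc describe, written with Perl's built-in crypt(). It differs from the one-liner above in one respect: the salt is random and stays at the front of the stored value instead of being taken from the password itself. The names make_salt, hash_password, check_password and the %users sample are assumptions for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Characters permitted in a traditional crypt() salt.
my @SALT_CHARS = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');

# Build a random two-character salt. rand() keeps the example free of
# dependencies; it is not a cryptographic random source.
sub make_salt {
    return join '', map { $SALT_CHARS[ int rand @SALT_CHARS ] } 1 .. 2;
}

# Registration: return the string to store in the password column.
# crypt() puts the salt at the front of its result, so salt and hash
# are stored together in one value.
sub hash_password {
    my ($plain) = @_;
    my $hashed = crypt($plain, make_salt());
    die "crypt() is not usable on this system\n" unless defined $hashed;
    return $hashed;
}

# Login: hash the submitted password with the salt of the stored value
# and compare the results. Passing the whole stored string as the salt
# argument makes crypt() reuse the salt it was created with.
sub check_password {
    my ($submitted, $stored) = @_;
    return 0 unless defined $stored && length $stored;
    my $candidate = crypt($submitted, $stored);
    return (defined($candidate) && $candidate eq $stored) ? 1 : 0;
}

# Constructed sample data standing in for one row of a users table.
my %users = ( alice => hash_password('correct horse') );

for my $try ('correct horse', 'wrong guess') {
    printf "%-15s => %s\n", $try,
        check_password($try, $users{alice}) ? 'login ok' : 'login refused';
}
```

With a two-character salt, crypt() uses the traditional DES scheme, which only considers the first eight characters of the password. On systems whose crypt() supports stronger schemes, the scheme is selected by the salt prefix, and check_password works unchanged because it always reuses the stored value as the salt.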
