in reply to how to crypt and decrypt password from 4 to 15 characters in length
Of course, this also makes it impossible for the administrator to recover a forgotten user password. All he can do is reset it to a new one.
If that drawback (which can also be seen as a feature) is not a problem in your case, you should consider going with a hash function rather than a cypher. If you do want to implement a local keystore (such as what a browser uses for site passwords) then please go with one of the various Crypt::* suggestions.
Update: (*) While the hash value cannot really be decrypted, it is possible to brute-force crack it by trying all possible passwords for a match, which works quite well for poor (short/simple) passwords. This is why we have shadow password files these days (as opposed to storing the hashed password in /etc/passwd where everyone can take a shot at the guessing game).
Replies are listed 'Best First'.
Re^2: how to crypt and decrypt password from 4 to 15 characters in length
by tirwhan (Abbot) on Jan 21, 2006 at 07:42 UTC
by Anonymous Monk on Jan 21, 2006 at 18:37 UTC
by tirwhan (Abbot) on Jan 21, 2006 at 19:16 UTC