Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister
 
PerlMonks  

Re: Crypt::CBC and verifying passwords

by jdtoronto (Prior)
on May 19, 2004 at 17:58 UTC ( [id://354701]=note: print w/replies, xml ) Need Help??


in reply to Crypt::CBC and verifying passwords

Geektron:

I have used Crypt::CBC with Crypt::Blowfish in an application I am currently working on. I found that the result produced by encrpyting the same value on successive occassions did not match.

It seems from your comments you are storing an unecrypted password and encrypting it for comparison. This won't work, well not if you are using Blowfish or similar. I think you would need to decrypt for comparison, thats where I ended up.

Mind you, I did not investigate in depth, I found the problem and had to make it work.

jdtoronto

Replies are listed 'Best First'.
Re: Re: Crypt::CBC and verifying passwords
by kutsu (Priest) on May 19, 2004 at 18:34 UTC

    I had this same problem with blowfish and ended up needing to encrypt everything in the same file. The easiest way to do this was to create a module with two subs that handle encryption and comparision. I offer this untested code, which will hopefully point you in the right direction. Note I have not done any taint checking or etc. so this if very unsecure code, I'm also not saying this is a good idea just that it will work.

    Read more... (2 kB)

    "Cogito cogito ergo cogito sum - I think that I think, therefore I think that I am." Ambrose Bierce

[reply]
[d/l]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://354701]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others wandering the Monastery: (5)
As of 2024-04-23 21:33 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found