'iv' => 'vectory!',
Avoid using a fixed IV if at all possible. If two passwords have the same initial 8 characters, then their encrypted forms will also have the same first 8 characters. Random IVs avoid that information leak. See
Practical Cryptography for more information.
Some other posters on this thread seem to think that the random IV is a "problem" because it makes the encrypted form different every time you encrypt it. This appears to be because they don't understand the difference between an encryption function (like DES or Blowfish) and a one-way hash function (like MD5 or SHA1). The former can be decrypted so you can get the original back and compare originals. The latter can't be reversed, so you must compare the mangled versions.
'key' => 'stringie',
You're never going to be able to change the encryption key without breaking everything. That's bad.
'padding' => 'space',
In general, space padding is a bad idea (you can't recover the exact original message if it had trailing spaces), but for passwords it might be ok.
my $dbpwmd5 = $cipher->encrypt_hex($dbpw);
If it's not MD5, don't call it MD5.
