I need to be able to encrypt a password before inserting it into a db

[DRapper]

Hello All

I need to be able to encrypt a password before inserting it into a database. Then be able to decrypt it after I retrieve from the database.

DRapper

 

[Deleted]

What kind of database? Flatfile? MySQL?

Need more info..

M. Brooks
X Concepts LLC

http://xconcepts.com

 

[drkeds]

DRapper,
Using a tip I got off another thread in this forum I created a sub-routine that performs an encryption of what ever is sent to it.

sub encrypt {
my $q = shift;
my $salt = 'KW';
my $codedWord = crypt($password, $salt);
return $codedWord;

}

I also use it to re-encrypt a submitted password (to compare against what is in the dB) for validation when a user attempts a log on.

I hope this helps.

 

[jimshew]

For my purpose, I used MySQL as the db and used the AES_ENCRYPT function. Not always the best answer, but was sufficient for my use. I needed to eventually retrieve the original value, not just compare md5 stuff.

 

[DRapper]

M. Brooks

I'm using an Access database, but will be moving to SQL Server in the future. I want the password in the database table to be unreadable.

DRapper

 

[icrf]

The various databases generally have a builtin password hashing function or two, but if you want portability to another database, you could use one of the one-way methods in Perl before you insert (as per your original request). crypt uses DES encryption should be available and does well enough. It's what *nix systems used for a long time. These days there's better ways. The new popular way is probably MD5 [1] but I've heard of another newer, harder, better, faster, stronger (or something) one, but can't remember it's name.

[1]

http://search.cpan.org/author/DELTA/Digest-Perl-MD5-1.6/lib/Digest/Perl/MD5.pm

________________________________________
Andrew - Perl Monkey