--- On Sat, 2/21/09, 田口 浩 <h-tagu...@secom.co.jp> wrote:
> From: 田口 浩 <h-tagu...@secom.co.jp>
> Subject: Pass Phrase known onky by the script
> To: perl-win32-users@listserv.ActiveState.com
> Date: Saturday, February 21, 2009, 6:10 PM
> Hello,
>
> I made a module generating 8 length, 1 password used at a
> CGI.
> My boss says it should save & maintain the last 1000
> password in
> a file to prevent the module to generate a duplicate
> password.
> Our customer hates the duplication of passwords, though my
> test
> says no duplication produced by less than about 200,000
> call.
>
> I don't think the file is saved as a plain text, which
> my boss
> doesn't say about it.
> I must search a method to encrypt/decrypt data, maybe I can
> find.
> But they may be such methods that I (the programmer) can
> decrypt
> the data with the Pass Phrase and programming way I coded.
>
> So is there a way to hide Pass Phrase from even the
> programmer that
> made the module or something like that.
> The CGI foront HTML is already made, I can't get the
> Pass Phrase
> from the user on the HTML screen.
>
At the top of your script put
use Digest::MD5 qw(md5 md5_hex md5_base64);
then you can hash each password and return it as hex (md5_hex). If all the
results are stored in a hash, then it's a simple matter to do a lookup.
If you want to encrypt the file of hashed passwords, then take a look at the
symmetric key modules like Crypt::CBC used with 3des or Rijndael.
--
Mark
_______________________________________________
Perl-Win32-Users mailing list
Perl-Win32-Users@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
