RE: Pass Phrase known onky by the script

2009-02-21 Thread 田口 浩 

> then you can hash each password and return it as hex 
> (md5_hex). 

Oh, I was trying to hash of the whole data 'join("\t",@pass)',
and de_hash it at decryption time.

No need to de_hash.
Just hash a new & check if hashed pass exists.

Thanks,
___
Perl-Win32-Users mailing list
Perl-Win32-Users@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs

Re: Pass Phrase known onky by the script

2009-02-21 Thread Mark Pryor 



--- On Sat, 2/21/09, 田口 浩  wrote:

> From: 田口 浩 
> Subject: Pass Phrase known onky by the script
> To: perl-win32-users@listserv.ActiveState.com
> Date: Saturday, February 21, 2009, 6:10 PM
> Hello,
> 
> I made a module generating 8 length, 1 password used at a
> CGI.
> My boss says it should save & maintain the last 1000
> password in
> a file to prevent the module to generate a duplicate
> password.
> Our customer hates the duplication of passwords, though my
> test
> says no duplication produced by less than about 200,000
> call.
> 
> I don't think the file is saved as a plain text, which
> my boss
> doesn't say about it.
> I must search a method to encrypt/decrypt data, maybe I can
> find.
> But they may be such methods that I (the programmer) can
> decrypt
> the data with the Pass Phrase and programming  way I coded.
> 
> So is there a way to hide Pass Phrase from even the
> programmer that
> made the module or something like that.
> The CGI foront HTML is already made, I can't get the
> Pass Phrase
> from the user on the HTML screen.
> 
At the top of your script put
use Digest::MD5 qw(md5 md5_hex md5_base64);

then you can hash each password and return it as hex (md5_hex). If all the 
results are stored in a hash, then it's a simple matter to do a lookup. 

If you want to encrypt the file of hashed passwords, then take a look at the 
symmetric key modules like Crypt::CBC used with 3des or Rijndael.

-- 
Mark


  
___
Perl-Win32-Users mailing list
Perl-Win32-Users@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs

Pass Phrase known onky by the script

2009-02-21 Thread 田口 浩 
Hello,

I made a module generating 8 length, 1 password used at a CGI.
My boss says it should save & maintain the last 1000 password in
a file to prevent the module to generate a duplicate password.
Our customer hates the duplication of passwords, though my test
says no duplication produced by less than about 200,000 call.

I don't think the file is saved as a plain text, which my boss
doesn't say about it.
I must search a method to encrypt/decrypt data, maybe I can find.
But they may be such methods that I (the programmer) can decrypt
the data with the Pass Phrase and programming  way I coded.

So is there a way to hide Pass Phrase from even the programmer that
made the module or something like that.
The CGI foront HTML is already made, I can't get the Pass Phrase
from the user on the HTML screen.

Regards,
___
Perl-Win32-Users mailing list
Perl-Win32-Users@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs