--- On Sat, 2/21/09, 田口 浩 h-tagu...@secom.co.jp wrote:
From: 田口 浩 h-tagu...@secom.co.jp
Subject: Pass Phrase known onky by the script
To: perl-win32-users@listserv.ActiveState.com
Date: Saturday, February 21, 2009, 6:10 PM
Hello,
I made a module generating 8 length, 1 password used at a
CGI.
My boss says it should save maintain the last 1000
password in
a file to prevent the module to generate a duplicate
password.
Our customer hates the duplication of passwords, though my
test
says no duplication produced by less than about 200,000
call.
I don't think the file is saved as a plain text, which
my boss
doesn't say about it.
I must search a method to encrypt/decrypt data, maybe I can
find.
But they may be such methods that I (the programmer) can
decrypt
the data with the Pass Phrase and programming way I coded.
So is there a way to hide Pass Phrase from even the
programmer that
made the module or something like that.
The CGI foront HTML is already made, I can't get the
Pass Phrase
from the user on the HTML screen.
At the top of your script put
use Digest::MD5 qw(md5 md5_hex md5_base64);
then you can hash each password and return it as hex (md5_hex). If all the
results are stored in a hash, then it's a simple matter to do a lookup.
If you want to encrypt the file of hashed passwords, then take a look at the
symmetric key modules like Crypt::CBC used with 3des or Rijndael.
--
Mark
___
Perl-Win32-Users mailing list
Perl-Win32-Users@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs