问题
Am new to Perl CGI, using ActivePerl, SQLite DB, Apache server and Windows. I have an entry form in which their are fields like Id, Name, Password and so on. Whenever anybody makes a new entry then whatever they enter into password field that should be encrypted and get stored in database.
The next time when that same user enters the password then it should be validated. Now I suppose a decrypt function or code is required.
I found something called MD5 encryption. Please can anybody give me more info about this and help me regarding how to write the code or any link regarding this?
回答1:
Call make_crypto_hash when you initially set up the user, the parameter is his given passphrase. Store the function return value in the database.
sub make_crypto_hash {
my ($passphrase) = @_;
return Authen::Passphrase::BlowfishCrypt->new(
cost => 8,
salt_random => 1,
passphrase => $passphrase,
)->as_rfc2307;
}
Call match_passphrase_against_crypto_hash when someone logs in and you want to see whether the passphrase belongs to the user. The parameters are the crypto hash you retrieve from the database for the given user name, and the passphrase just given by the user. The return value is boolean.
sub match_passphrase_against_crypto_hash {
my ($crypto_hash, $passphrase) = @_;
return Authen::Passphrase::BlowfishCrypt
->from_rfc2307($crypto_hash)->match($passphrase);
}
回答2:
MD5 converts any string into a digest. To check if the user's password is valid you don't need the password from the database, but only compare the digest from their entered one to the digest you stored.
来源:https://stackoverflow.com/questions/3675917/how-can-i-encrypt-and-decrypt-passwords-in-a-perl-cgi-program