I am new to Perl CGI, using ActivePerl, an SQLite DB, Apache server and Windows. I have an entry form in which there are fields like Id, Name, Password and so on. Whenever anybo
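Call make_crypto_hash when you initially set up the user, the parameter is his given passphrase. Store the function return value in the database.

    use Authen::Passphrase::BlowfishCrypt;

    # Hash a new passphrase and return it as an RFC 2307 string for storage.
    sub make_crypto_hash {
        my ($passphrase) = @_;
        return Authen::Passphrase::BlowfishCrypt->new(
            cost        => 8,    # base-two logarithm of the number of keying rounds
            salt_random => 1,    # generate a fresh random salt for every hash
            passphrase  => $passphrase,
        )->as_rfc2307;
    }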

Call match_passphrase_against_crypto_hash when someone logs in and you want to see whether the passphrase belongs to the user. The parameters are the crypto hash you retrieve from the database for the given user name, and the passphrase just given by the user. The return value is boolean.

    # Rebuild the passphrase object from the stored string (salt and cost are
    # encoded in it) and test the passphrase the user just supplied.
    sub match_passphrase_against_crypto_hash {
        my ($crypto_hash, $passphrase) = @_;
        return Authen::Passphrase::BlowfishCrypt
            ->from_rfc2307($crypto_hash)->match($passphrase);
    }

MD5 converts any string into a digest. To check if the user's password is valid you don't need the password from the database, but only compare the digest from their entered one to the digest you stored.
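
The make_crypto_hash and match_passphrase_against_crypto_hash calls from the Authen::Passphrase answer above, wired to SQLite through DBI with bound parameters; this is an added example, not code from the original posts. The users table, its column names, the in-memory database, the dummy-hash check for unknown names and the sample accounts are all assumptions made for the illustration.

```perl
#!/usr/bin/perl
# Added example: table/column names and sample accounts are constructed.
use strict;
use warnings;
use DBI;
use Authen::Passphrase::BlowfishCrypt;

# In-memory SQLite database so the script runs stand-alone (assumed schema).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE users (name TEXT PRIMARY KEY, crypto_hash TEXT NOT NULL)');

sub make_crypto_hash {
    my ($passphrase) = @_;
    return Authen::Passphrase::BlowfishCrypt->new(
        cost => 8, salt_random => 1, passphrase => $passphrase,
    )->as_rfc2307;
}

# Registration: only the RFC 2307 hash string is stored, never the passphrase.
# The ? placeholders keep form input out of the SQL text.
sub register_user {
    my ($name, $passphrase) = @_;
    $dbh->do('INSERT INTO users (name, crypto_hash) VALUES (?, ?)',
        undef, $name, make_crypto_hash($passphrase));
    return;
}

# Hash of a throwaway value, checked when the user name is unknown so that
# both the known-user and unknown-user paths perform one bcrypt computation.
my $DUMMY_HASH = make_crypto_hash('constructed-dummy-value');

sub check_login {
    my ($name, $passphrase) = @_;
    my ($stored) = $dbh->selectrow_array(
        'SELECT crypto_hash FROM users WHERE name = ?', undef, $name);
    my $known = defined $stored;
    my $ok = Authen::Passphrase::BlowfishCrypt
        ->from_rfc2307($known ? $stored : $DUMMY_HASH)->match($passphrase);
    return ($known && $ok) ? 1 : 0;
}

register_user('alice', 'correct horse battery staple');
for my $try (['alice',  'correct horse battery staple'],
             ['alice',  'wrong guess'],
             ['nobody', 'anything']) {
    printf "%-7s %-30s => %s\n", @$try, check_login(@$try) ? 'accepted' : 'rejected';
}
```

In a CGI script the name and passphrase would come from the submitted form fields instead of the constructed list at the bottom.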