
perl password encoding


gchen

Hi, Need some admin help here...

I have a Perl script to take username/password for instant sign-up, and they were written to an ASCII file. All was working fine except when a user lost his/her password: I cannot recall it and have to ask them to sign up again. I know there is a way to decode the Perl encrypted password. I need that to complete the "lost password" service call.

Can anybody help?

Thanks!

Gary


 
Assuming you have access to the Perl script, I'd say the first step is to look at it to determine what method it's using to encrypt the passwords. It could be as simple as ROT13.
 
I checked the script and believe it is using the line below:

$pass=crypt($user_data{password},7);

Any clue?

Thanks!
 
Hi Gary,

You can't get the passwd back from the crypt data.

Sites that do the "lost password" thing don't use crypt() to encode the password - you'll have to do something else I'm afraid, some encoding algorithm that allows you to get back to the clear text passwd from the encoded version.



Mike

"Deliver me from the bane of civilised life; teddy bear envy."

Want to get great answers to your Tek-Tips questions? Have a look at faq219-2884
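
Since crypt() cannot be reversed, a lost-password service can replace the password instead of recalling it. The Perl below is an added example, not code from the thread or from the script being discussed; it assumes a Unix-like host with /dev/urandom and a crypt() that accepts traditional two-character salts, and the sub names and the sample account are made up for illustration.

```perl
use strict;
use warnings;

# The 64 characters traditional crypt() accepts in a salt.
my @SALT_CHARS = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');

# $n random characters drawn from the OS random source (assumes /dev/urandom).
sub random_chars {
    my ($n) = @_;
    my $buf = '';
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    my $got = read($fh, $buf, $n);
    close $fh;
    die "short read from /dev/urandom" unless defined $got && $got == $n;
    return join '', map { $SALT_CHARS[ord($_) % 64] } split //, $buf;
}

# Value to write to the user file in place of the password.
sub hash_password {
    my ($plain) = @_;
    my $hash = crypt($plain, random_chars(2));    # fresh salt per user
    die "traditional crypt() not available here"
        unless defined $hash && length($hash) == 13;
    return $hash;
}

# Login check: re-run crypt() with the stored hash as the salt and compare.
sub check_password {
    my ($plain, $stored) = @_;
    my $try = crypt($plain, $stored);
    return (defined $try && $try eq $stored) ? 1 : 0;
}

# Lost password: nothing can be recalled, so replace the hash with a new one.
sub reset_password {
    my ($users, $name) = @_;
    my $temp = random_chars(8);   # traditional crypt() reads only the first 8 characters
    $users->{$name} = hash_password($temp);
    return $temp;                 # send to the user, who should then pick a new one
}

my %users = (gary => hash_password('Spring42'));    # constructed sample account
printf "stored value:        %s\n", $users{gary};
printf "correct password:    %d\n", check_password('Spring42', $users{gary});
printf "wrong password:      %d\n", check_password('Winter42', $users{gary});
my $temp = reset_password(\%users, 'gary');
printf "old one after reset: %d\n", check_password('Spring42', $users{gary});
printf "temporary password:  %d\n", check_password($temp, $users{gary});
```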

 
Hi Mike,

Thank you! I managed to save the raw pw to a secured directory for later reference. Guess this is the most effective way to do it.

Gary
 
It's a bit fraught I know, saving unencrypted passwords. And encrypting them securely is hard as well - if someone has access to your source code they can see how you've done it.

I ended up using perl2exe so that the encryption keywords were hidden; this let me store passwords that were encrypted in a way that let me get back to the original password - and then storing source code on another server. *Still* not very secure as the developers could work out how to get at passwords but better than before.

Mike
