Question

I am writing a perl script that manipulates password protected zip files. Consequently I need to store & retrieve passwords to do this. I have three options for storing the password:

  1. Store in plain text. Before you jump in, I have pretty much ruled out this option.
  2. Use a simple password munger to prevent casual/accidental access (even by the DBAs)
  3. Use a proper encryption/decryption library, such as Blowfish or AES.

Whatever I choose must run in Perl, under Windows and be easy to use.

Any suggestions?


Solution

There are a few Perl encryption packages that run on Windows; you can download the PPMs with the ActivePerl package manager.

You can also use the pure Perl version of those modules (look for the name ending in _PP).

I found these modules on CPAN:

OTHER TIPS

The main problem with approach 3 is: where do you store the key to the file that contains the passwords? You could use Base64 for approach 2, but that is very easy to "decrypt".

There should be no question here. You must use a sufficiently strong encryption scheme. You are being entrusted with sensitive data, and you must do everything possible to secure it.

If you are using Windows, you can leverage DPAPI to encrypt the AES key and have it stored in the registry. Perl has modules to interact with Win32 libraries.

Best encryption is subjective, however AES 128 is sufficiently strong as of Jan 2009 to encrypt your data.

Even the best encryption schemes can be defeated if the user does not fully understand what they are doing.

Obviously, you are correct: #1 is out.

And #2 is out as well for essentially the same reason. It is not secure.

As for #3, might I suggest that this is also out. Decrypting the password brings it into a more vulnerable state for comparison. BUT, if you are going to do this may I suggest using Crypt::CBC WITH Crypt::Blowfish for Cipher Block Chaining.

[recommended] #4: Rather than storing passwords for retrieval, decryption, then comparison as in #3, use Authen::Passphrase, a fairly complete and flexible Perl module that allows you to compare an entered password without decrypting/decoding the original. See also "How can I encrypt and decrypt passwords in a Perl CGI program?"
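The two storage styles the answers above argue over, written out as an added Perl example (this is not code from the thread or from the modules' authors). Path (a) is the reversible one the question actually needs, since a zip password has to be recovered to open the archive: Crypt::CBC with Crypt::Blowfish, with the key derived by PBKDF2 from a master secret that lives outside the password store. Path (b) is the verify-only style of answer #4: Authen::Passphrase::BlowfishCrypt (bcrypt), which can check a typed password but never give it back. Assumptions: Crypt::CBC 3.x (for the `-pbkdf` option), the master secret arrives in an environment variable named `ZIPPW_MASTER_KEY` (on Windows the same string could come from a DPAPI-protected blob instead), and the sample password is constructed. Swapping `-cipher => 'Blowfish'` for `'Rijndael'` gives AES with Crypt::Rijndael installed.

```perl
#!/usr/bin/perl
# Added example, not from the original thread.
#   (a) reversible: Crypt::CBC + Crypt::Blowfish, PBKDF2-derived key from a
#       master secret kept OUTSIDE the password store (assumed to be the
#       environment variable ZIPPW_MASTER_KEY).
#   (b) one-way: Authen::Passphrase::BlowfishCrypt (bcrypt), for the case
#       where the script only has to verify a password, never recover it.
use strict;
use warnings;
use Crypt::CBC;            # 3.x needed for -pbkdf => 'pbkdf2'
use Crypt::Blowfish;
use Authen::Passphrase;
use Authen::Passphrase::BlowfishCrypt;
use MIME::Base64 qw(encode_base64 decode_base64);

# --- (a) reversible storage ------------------------------------------------

# The master secret is never written next to the protected passwords.
# Reading it from the environment is this example's assumption.
sub master_key {
    my $key = $ENV{ZIPPW_MASTER_KEY}
        or die "ZIPPW_MASTER_KEY is not set; refusing to run\n";
    return $key;
}

sub cipher {
    return Crypt::CBC->new(
        -key    => master_key(),
        -cipher => 'Blowfish',
        -pbkdf  => 'pbkdf2',   # salted key stretching; salt is kept in the header
    );
}

# Returns a base64 string that can sit in a config file or database column.
sub protect_password {
    my ($zip_password) = @_;
    return encode_base64( cipher()->encrypt($zip_password), '' );
}

sub recover_password {
    my ($stored) = @_;
    return cipher()->decrypt( decode_base64($stored) );
}

# --- (b) verify-only storage -----------------------------------------------

# bcrypt with a random salt; the returned string is all that gets stored.
sub hash_for_verification {
    my ($password) = @_;
    my $ppr = Authen::Passphrase::BlowfishCrypt->new(
        cost        => 10,
        salt_random => 1,
        passphrase  => $password,
    );
    return $ppr->as_rfc2307;   # "{CRYPT}$2a$10$..." form
}

sub verify_password {
    my ($stored, $candidate) = @_;
    return Authen::Passphrase->from_rfc2307($stored)->match($candidate);
}

# --- demonstration with a constructed password ----------------------------
if (!caller) {
    my $zip_password = 'correct horse battery staple';   # constructed sample

    my $blob = protect_password($zip_password);
    print "stored: $blob\n";
    die "round trip failed\n" unless recover_password($blob) eq $zip_password;

    my $hash = hash_for_verification($zip_password);
    print "hash:   $hash\n";
    die "match failed\n" unless verify_password($hash, $zip_password);
    die "false accept\n" if     verify_password($hash, 'wrong password');
    print "ok\n";
}
```

Run it as `ZIPPW_MASTER_KEY='...' perl store_pw.pl`. The point of the split is the one raised earlier in the thread: path (a) still has a key to protect, so the design pushes that key out of the data store and into something with different access controls (an environment injected at deploy time, or DPAPI on Windows); path (b) has no key to protect at all, which is why it is preferable whenever the script only needs a yes/no answer.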

Licensed under: CC-BY-SA with attribution