looking for help on perl login script 
Author Message
 looking for help on perl login script

Hi all,
I am writing a perl login script for a website, and I have to crypt the
password in order to improve the security. I am using crypt() in perl for
that purpose.
Now, I want to make a page for those people who lost their passwords. And I
want to send them by sendmail. The problem is that I don't know how to
decrypt the crypted password. Anyone can help?

Billy



Sat, 31 Aug 2002 03:00:00 GMT  
 looking for help on perl login script

Quote:

>Hi all,
>I am writing a perl login script for a website, and I have to crypt the
>password in order to improve the security. I am using crypt() in perl for
>that purpose.
>Now, I want to make a page for those people who lost their passwords. And I
>want to send them by sendmail. The problem is that I don't know how to
>decrypt the crypted password. Anyone can help?

Which part of the second paragraph of the crypt documentation don't you
understand?

Or even:

perlfaq8: How do I decode encrypted password files?

I guess you're to lazy to read, which is a coincidence since I'm too lazy
to give you the answer too.

--
Sam

Computers in the future may weigh no more than 1.5 tons.
        --Popular Mechanics, 1949



Sat, 31 Aug 2002 03:00:00 GMT  
 looking for help on perl login script

Quote:

> Now, I want to make a page for those people who lost their passwords. And I
> want to send them by sendmail. The problem is that I don't know how to
> decrypt the crypted password. Anyone can help?

Yeah, forget it.  The crypt() function is one-way.  It means you
cannot reverse it.  Your only option is to generate a new password
(preferably random), and send it to the guy.

  (This is not completely true, of course, you could crack the
crypt()ed password, but since the only certain way for that is
brute-force, I do not consider it to be a good alternative.)

  And this has probably nothing to do with Perl.

Roland.
--
Les francophones m'appellent Roland Mas,
English speakers call me Rowlannd' Mass,
Nihongode hanasu hitoha [Lolando Masu] to iimasu.
Choisissez ! Take your pick ! Erande kudasai !



Sat, 31 Aug 2002 03:00:00 GMT  
 looking for help on perl login script
One workaround could be to have another file that has their email
address encrypted and the password not. When they put in their email
address you simply compare them to the encrypted one and when it finds a
match, bingo.

Quote:

> Hi all,
> I am writing a perl login script for a website, and I have to crypt the
> password in order to improve the security. I am using crypt() in perl for
> that purpose.
> Now, I want to make a page for those people who lost their passwords. And I
> want to send them by sendmail. The problem is that I don't know how to
> decrypt the crypted password. Anyone can help?

> Billy


--

Keith

*****************************************************

        http://www.justanotherwebsite.com

        http://www.powersolution.com

        "I looked up one day and saw, it was up to me.
        Well you can only be a victim if you admit defeat!"
        - From "Coolidge" by The Descendents



Sat, 07 Sep 2002 03:00:00 GMT  
 looking for help on perl login script
Please disregard this post from my fellow countryman.
We here "DownUnder" are not all as bad mannered as he appears to be.

His e-mail address belies his actual IQ.

Quote:


> >Hi all,
> >I am writing a perl login script for a website, and I have to crypt the
> >password in order to improve the security. I am using crypt() in perl for
> >that purpose.
> >Now, I want to make a page for those people who lost their passwords. And I
> >want to send them by sendmail. The problem is that I don't know how to
> >decrypt the crypted password. Anyone can help?

> Which part of the second paragraph of the crypt documentation don't you
> understand?

> Or even:

> perlfaq8: How do I decode encrypted password files?

> I guess you're to lazy to read, which is a coincidence since I'm too lazy
> to give you the answer too.

> --
> Sam

> Computers in the future may weigh no more than 1.5 tons.
>         --Popular Mechanics, 1949

--
Regards
Luke
PLEASE NOTE: Spamgard (tm) installed.
----
When the only tool you own is a hammer,
all problems begin to resemble nails.
----
http://www.bell-bird.com.au

----


Sun, 08 Sep 2002 03:00:00 GMT  
 looking for help on perl login script
Quote:

> One workaround could be to have another file that has their email
> address encrypted and the password not. When they put in their email
> address you simply compare them to the encrypted one and when it finds a
> match, bingo.

Godd idea ... except when the user changes their e-mail address ... and
subsequently forgets what that was too ...

Some one once said ...
"You can make something fool proof, but you'll never make it _damn_ fool
proof!"

As Roland Mas stated earlier, crypt is one way ... best give them a new
password after verification that the user is infact who they say they
are.

--
Regards
Luke
PLEASE NOTE: Spamgard (tm) installed.
----
When the only tool you own is a hammer,
all problems begin to resemble nails.
----
http://www.bell-bird.com.au

----



Sun, 08 Sep 2002 03:00:00 GMT  
 looking for help on perl login script
If it's a small site with a limited number of users the webmaster could
keep a separate personal file of the passwords on a remote server (or his
home box). I do this on a couple of domains I admin.  In these situations
the basic idea is to keep hackers from breaking into the system and
gaining access to the passwords.  Since I can easily verify the identities
of most of the people who access the system it's not hard to verify
legitimate requests for lost passwords.

On a larger system it would be better to send an authentication request
for a new password to the email address of record.  Then it's up to them
to respond via whatever method the program dictates - email, web
interface, etc., to either create a new password or receive a random
computer generated password.

crypt() was designed so that it can't be unencrypted.   The only method I
know of to try to crack a crypted password is to write a program that
tries all the possibilities.  If you try this make sure you have a fast
processor.  The last time I made the flags I incorporated in the program
indicated that it could take between 3 and 6 months of the program running
24/7 to crack one password.

Glen

Quote:

>One workaround could be to have another file that has their email
>address encrypted and the password not. When they put in their email
>address you simply compare them to the encrypted one and when it finds a
>match, bingo.


>> Hi all,
>> I am writing a perl login script for a website, and I have to crypt the
>> password in order to improve the security. I am using crypt() in perl for
>> that purpose.
>> Now, I want to make a page for those people who lost their passwords. And I
>> want to send them by sendmail. The problem is that I don't know how to
>> decrypt the crypted password. Anyone can help?

>> Billy




Fri, 13 Sep 2002 03:00:00 GMT  
 
 [ 7 post ] 

 Relevant Pages 

1. looking for help on perl login script

2. looking for a .htaccess or web login script

3. Help: Perl script to automate https secured login session

4. Need Perl Script for Members Login Page- help

5. Perl NT login scripts help...

6. CR before login or any help that would lf before login

7. Net::FTP help for login & script

8. Login script, help please

9. Member Registration/Login CGI Script Help

10. Looking for a login page?

11. help looking for perl script to..

12. Perl scripts for login control

 

 
Powered by phpBB® Forum Software