Perl's crypt() function is a very quick and easy-to-use encryption routine. Unfortunately, it has limitations where the length of the string to be encrypted cannot be longer than 8 characters. This limitation does not make it useful when you use it for something serious. (The Perl reference/documentation for this function is here.)

I'm looking for an alternative to crypt() that you actually can use for something serious, but still have it be very easy to use like the standard crypt() function.

It would also need to be a function that encrypts strings that cannot be decrypted. If it is very easy to use, I can frequently incorporate it in many sections of my code without writing many bothersome lines of code.

gpwr
  • https://metacpan.org/pod/Crypt::Eksblowfish::Bcrypt? – melpomene Apr 24 '19 at 10:05
  • By definition encryption comes with the ability to decrypt, as long as you have the key. If you want one-way, you need hashing, not encryption. – simbabque Apr 24 '19 at 10:06
  • "*Unfortunately it has limitations where the length of the string to be encrypted cannot be longer than 8 characters.*" That depends entirely on your platform. On common Linux systems, hash implementations other than DES are exposed through `crypt()` (and available from Perl). For example, bcrypt is often available (look for hashes starting with `$2a$`). – melpomene Apr 24 '19 at 10:08
  • Simple encrypt and throw away the key ;-) – M__ Apr 24 '19 at 10:43
  • @Michael G., That would introduce the minor problem of being unable to validate passwords... – ikegami Apr 24 '19 at 13:43
  • The documentation you linked points you at two families of options: [Crypt](https://metacpan.org/search?q=Crypt) and [Digest](https://metacpan.org/search?q=Digest). – jhnc Apr 24 '19 at 16:39

1 Answer

There are several one-way encryption tools available that can serve the same function as crypt, and many are easy to use. The salt and password can be of arbitrary length.

```perl
use Digest::SHA 'sha1_base64';
$crypted = sha1_base64($salt . $password);

use Digest::MD5 'md5_base64';
$crypted = md5_base64($salt . $password);
```

See Digest for many other suggestions.

mob
  • The point of storing $salt and $crypted instead of $password is so intruders who get hold of those strings shouldn't be able to find the passwords by brute force. The problem with sha1 and md5 (or sha256) just once like this is that they enable needlessly fast brute forcing. Bcrypt (like Crypt::Eksblowfish::Bcrypt) with a high cost setting is better because it lets you decide how slow=secure you want your $crypted to be. Just don't set it too slow or your users will suffer from slow login. Alternatively you could `my $crypted=$password; $crypted=sha256_base64($salt.$crypted) for 1..2**$cost` – Kjetil S. Apr 26 '19 at 01:37
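
Added example, not part of the original question, answer or comments: the bcrypt approach suggested in the comments, written with Crypt::Eksblowfish::Bcrypt. The helper names (`random_salt`, `hash_password`, `verify_password`), the default cost of 12 and the sample passwords are assumptions made for illustration; the salt is read from `/dev/urandom`, so a Unix-like system is assumed.

```perl
use strict;
use warnings;
use Encode qw(encode);
use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);

# Hypothetical helper: 16 random salt bytes from the kernel CSPRNG.
sub random_salt {
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    read($fh, my $bytes, 16) == 16 or die "short read from /dev/urandom";
    close $fh;
    return $bytes;
}

# Hypothetical helper: hash a password. The returned 60-character string
# carries the algorithm tag, cost and salt, so it is the only value to store.
sub hash_password {
    my ($password, $cost) = @_;
    $cost //= 12;    # assumed default; each +1 doubles the hashing time
    my $settings = sprintf '$2a$%02d$%s', $cost, en_base64(random_salt());
    return bcrypt(encode('UTF-8', $password), $settings);
}

# Hypothetical helper: recompute with the stored settings (first 29
# characters) and compare without stopping at the first differing byte.
sub verify_password {
    my ($password, $stored) = @_;
    return 0 unless $stored =~ /\A\$2a\$\d\d\$[.\/A-Za-z0-9]{53}\z/;
    my $candidate = bcrypt(encode('UTF-8', $password), substr($stored, 0, 29));
    return 0 unless length($candidate) == length($stored);
    my $diff = 0;
    $diff |= ord(substr $candidate, $_, 1) ^ ord(substr $stored, $_, 1)
        for 0 .. length($stored) - 1;
    return $diff == 0 ? 1 : 0;
}

# Constructed sample input.
my $stored = hash_password('correct horse battery staple', 10);
print "stored: $stored\n";
print "right password: ", verify_password('correct horse battery staple', $stored), "\n";
print "wrong password: ", verify_password('Tr0ub4dor&3', $stored), "\n";
```

bcrypt only uses the first 72 bytes of the password, so longer inputs that share that prefix produce the same hash.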