
Encrypting password using md5 perl algorithm

Posted on 2003-02-24
Last Modified: 2012-05-04
Could you please show me how to encrypt a password using the md5 algorithm? That is, the steps to follow to pass the password to the md5 perl algorithm and get an encrypted value from it. That is, integrating the md5 perl algorithm with my existing perl code just to encrypt a password.

Please tell me the detailed steps, that is, how to call the md5 module in my existing code to pass a password and get an encrypted value in return.
Question by:trishtee
10 Comments
 
LVL 5

Expert Comment

by:PC_User321
ID: 8007686
See http://www.cgi101.com/modules/MD5.html

use MD5;
$password = "Hello world";

$md5 = new MD5;
$md5->add($password);
$digest = $md5->digest();
   
print("Encoded password is " . unpack("H*", $digest) . "\n");

0
 
LVL 5

Accepted Solution

by:
PC_User321 earned 136 total points
ID: 8007707
I don't remember if MD5 is included in standard Perl or if I installed it myself.  If you find that the line "use MD5;" causes an error ("Can't locate MD5.pm in @INC ....") then you need to install it using PPM (type "ppm" at the command prompt, then "install MD5").
0
 
LVL 2

Assisted Solution

by:blinkie23
blinkie23 earned 132 total points
ID: 8009159
I've gotten perl MD5 to work just using "use MD5;" before also.. but occasionally it will not work using just that, and you need to put "use Digest::MD5;" instead.  I would guess MD5 is standard perl, as I've used it on a few different projects, and have never had to install it onto the base perl install.

I've included some code below, as an alternative to what PC_User321 stated.  Use "perldoc Digest::MD5" to see the full text.

Note that there are 3 ways to view the md5 hash value.  Each comes out a different length, based on how it formats the result.  Also note that you can read from a $data value as well as a *FILE handle.  Use either/or.


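# old school style
use Digest::MD5  qw(md5 md5_hex md5_base64);

my $data = "Hello world";        # sample input

my $digest;
$digest = md5($data);            # 16 raw bytes
$digest = md5_hex($data);        # 32 hex characters
$digest = md5_base64($data);     # 22 base64 characters, no padding

# OO style
use Digest::MD5;
my $ctx = Digest::MD5->new;
$ctx->add($data);
# $ctx->addfile(*FILE);          # alternative: feed an already-open file handle

# Pick one: each of these calls returns the digest and resets $ctx
$digest = $ctx->digest;
$digest = $ctx->hexdigest;
$digest = $ctx->b64digest;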

0
 
LVL 26

Expert Comment

by:wilcoxon
ID: 8009758
PC_User321 and blinkie23 answered the usage question.

I just wanted to comment that MD5 is a hashing algorithm and NOT an encryption algorithm.  Anyone with access to the hashed password will be able to extract the "real" password.
0
 
LVL 2

Expert Comment

by:blinkie23
ID: 8009900
MD5 is definitely a hash function.  but it is a one-way hash if i understand it correctly.  thus, the common user will not simply be able to run a simple function on it to extract the real password.  it is possible to guess the correct password (usually more easily by socially chosen password guesses than brute force).  password guessing is done by comparing hashed guesses to the known hashed password.

thus, a hashed password is still better than plaintext passwords.  an MD5 password is (i think) better than a standard unix (crypt) password.  and it's always best to shadow your passwd files, so that no one can see the hash values to begin with.
0
 
LVL 26

Assisted Solution

by:wilcoxon
wilcoxon earned 132 total points
ID: 8010070
First, MD5 has been deprecated.  You should always use Digest::MD5 (which is included in core perl).

Yes, my previous answer wasn't complete.  Looking at the POD for Digest::MD5, I see that my memory was also faulty (I answered previously without relooking at the docs).

I don't think it is possible to retrieve the input data from an MD5-hash in any manner.  Digest::MD5 takes an arbitrary input of any length and generates a 128-bit "fingerprint" which will virtually always be unique (MD5-hashes are regarded as one of the ultimate ways for testing the uniqueness of files as no two non-duplicate files have ever been found to generate the same two fingerprints).

I'm not sure that this would work at all for "encrypting" passwords (unless the input/password is less than 128-bits).  I don't see any methods for retrieving the original input data but one could probably be written given some constraints on the input and an understanding of the MD5 algorithm.
0
 
LVL 2

Expert Comment

by:blinkie23
ID: 8010184
part of the idea behind one-way hashes is that it is mathematically impossible to reverse the algorithm, even if you know the exact nature of it.  that is also assuming the algorithm is airtight... previous algorithms have been known to falter due to unknown mathematical constraints.  once these "bugs" are discovered (by skilled mathematical geniuses working for NSA-like organizations probably), the algorithm is completely ineffective.

anyway, here is a little fact that i found interesting about the MD5 algorithm and its output hashes.  apparently the greatest test of a hashing algorithm's merit (which MD5 supposedly accomplishes) is that if you have a file of large enough size, > 1mb, and change just one byte, then the 128-bit output value will be completely different than what it was before.  you, or any significantly intelligent program, should not be able to distinguish between the hash value that is just a 1 byte change, or a completely different file.  this is also quite difficult to implement in a hash algorithm.
0
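The one-byte-change property described in the comment above can be measured directly. The following is an added example, not code from any post in the thread; the 1 MiB input, the chosen byte positions and the bit_distance helper are assumptions made for the illustration.

```perl
use strict;
use warnings;
use Digest::MD5 qw(md5);

# Count the bits that differ between two equal-length binary strings.
sub bit_distance {
    my ($x, $y) = @_;
    return unpack('%32b*', $x ^ $y);    # XOR the bytes, then count the 1 bits
}

# Constructed input: 1 MiB of 'A', standing in for the large file in the post.
my $original = 'A' x (1024 * 1024);
my $base     = md5($original);          # 16 raw bytes = 128 bits

# Change exactly one byte at the start, the middle and the end of the input.
for my $pos (0, length($original) / 2, length($original) - 1) {
    my $copy = $original;
    substr($copy, $pos, 1) = 'B';
    printf "byte %7d changed:    %3d of 128 bits differ\n",
        $pos, bit_distance($base, md5($copy));
}

# For comparison, an input that shares nothing with the original.
my $unrelated = md5('completely different content');
printf "unrelated input:         %3d of 128 bits differ\n",
    bit_distance($base, $unrelated);
```

If the digest mixes its input well, the one-byte changes and the unrelated input should both cluster around 64 differing bits, so the distance alone does not reveal which case produced a given digest.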
 
LVL 26

Expert Comment

by:wilcoxon
ID: 8010250
Somehow, I think I should stop posting today.  My brain doesn't seem to be working.  :(

I just reread the last paragraph of my last post and immediately noted that it is completely in error.  Of course, it would work for passwords - you just compare the already-hashed password to the hashed "new" password and see if they match (which I believe is how most unix systems handle passwords).
0
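The compare-the-hashes check described in the comment above, written out as an added Perl example that is not part of any post in the thread. The `salt$digest` record format, the sub names and the sample accounts are assumptions made here; Digest::MD5 is used only because it is the thread's digest, and a deliberately slow password hash such as bcrypt is the stronger choice for real storage.

```perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Unsalted, as in the answers above: the same password always gives the same digest.
sub unsalted { return md5_hex($_[0]) }

# Salted record "salt$digest". rand() keeps this example core-only; it is NOT a
# cryptographic RNG, so a real system would draw the salt from the OS.
sub make_record {
    my ($password) = @_;
    my $salt = join '', map { sprintf('%02x', int(rand(256))) } 1 .. 8;
    return $salt . '$' . md5_hex($salt . $password);
}

# Verification never reverses the hash: it re-hashes the guess with the stored
# salt and compares the two digests.
sub verify {
    my ($guess, $record) = @_;
    my ($salt, $stored) = split /\$/, $record, 2;
    return 0 unless defined $stored;
    my $candidate = md5_hex($salt . $guess);
    return 0 unless length($stored) == length($candidate);
    # Compare every character so timing does not depend on the first mismatch.
    my $diff = 0;
    $diff |= ord(substr($candidate, $_, 1)) ^ ord(substr($stored, $_, 1))
        for 0 .. length($candidate) - 1;
    return $diff == 0 ? 1 : 0;
}

# Constructed sample accounts: two users who picked the same password.
my %plain = (alice => 'Hello world', bob => 'Hello world');
my (%weak, %salted);
for my $user (sort keys %plain) {
    $weak{$user}   = unsalted($plain{$user});
    $salted{$user} = make_record($plain{$user});
}

printf "unsalted digests equal:  %s\n", $weak{alice} eq $weak{bob} ? 'yes' : 'no';
printf "salted records equal:    %s\n", $salted{alice} eq $salted{bob} ? 'yes' : 'no';
printf "right password verifies: %d\n", verify('Hello world', $salted{alice});
printf "wrong password verifies: %d\n", verify('hello world', $salted{alice});
```

Identical unsalted digests let one hashed guess be checked against every account at once; a per-user salt forces each record to be guessed separately.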
 
LVL 2

Expert Comment

by:blinkie23
ID: 8010434
here is a simple perl implementation of how a unix system might confirm a password challenge is correct by comparing hashes.  getpwuid returns /etc/passwd/ info given a uid.  $< is effective user id, or real uid.

one crypts a plaintext guess, using the hashed real passwd as a "seed".  if the two hashes match, then the guess is correct.  of course this script isn't very effective, as most modern /etc/passwd files mask the passwd hash strings these days.  only root knows.


my $guess = $ARGV[0];

my($loginId, $passwd, $uid, $gid,$quota, $comment,$gcos, $home, $shell) = getpwuid($<);

if($passwd eq crypt($guess,$passwd)){
    print "correct\n";
} else {
    print "incorrect\n";
}
0
