Encrypting password using md5 perl algorithm

Posted on 2003-02-24
Medium Priority
Last Modified: 2012-05-04
Could you please show me how to encrypt a passord using md5 algorithm.That is the steps to follow to pass the password to the md5 perl algorithm and geting an encrypted value from it.That is integrating md5 perl algorithm with my existing perl code just to encrypt a password.

Please tell me the detaill steps that is how to call the md5 module in my existing code to pass a password and get an encrypted value in return.
Question by:trishtee
  • 4
  • 3
  • 2

Expert Comment

ID: 8007686
See http://www.cgi101.com/modules/MD5.html

use MD5;
$password = "Hello world";

$md5 = new MD5;
$digest = $md5->digest();
print("Encoded password is " . unpack("H*", $digest) . "\n");


Accepted Solution

PC_User321 earned 136 total points
ID: 8007707
I don't remember if MD5 is included in standard Perl or if I installed it myself.  If you find that the line "use MD5;
" causes an error ("Can't locate MD51.pm in @INC ....") then you need to install it using PPM (type "ppm" at the command promp, then "install MD5").

Assisted Solution

blinkie23 earned 132 total points
ID: 8009159
I've gotten perl MD5 to working just using "use MD5;" before also.. but occasionally it will not work using just that, and you need to put "use Digest::MD5;" instead.  I would guess MD5 is standard perl, as I've used it on a few different projects, and have never had to install it onto the base perl install.  

I've included some code below, as alternative to what PC_User321 stated.  use "perldoc Digest::MD5" to see the full text.

Note that there are 3 ways to view the md5 hash value.  each comes out a different length, based on how it formats the result.  Also note that you can read from a $data value as well as a *FILE handle.  Use either/or.

# old school style
use Digest::MD5  qw(md5 md5_hex md5_base64);

$digest = md5($data);
$digest = md5_hex($data);
$digest = md5_base64($data);

# OO style
use Digest::MD5;
$ctx = Digest::MD5->new;

$digest = $ctx->digest;
$digest = $ctx->hexdigest;
$digest = $ctx->b64digest;


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

LVL 27

Expert Comment

ID: 8009758
PC_User321 and blinkie23 answered the usage question.

I just wanted to comment that MD5 is a hashing algorithm and NOT an encryption algorithm.  Anyone with access to the hashed password will be able to extract the "real" password.

Expert Comment

ID: 8009900
MD5 is definitly a hash function.  but it is a one-way hash if i understand it correctly.  thus, the common user will not simply be able to run a simple function on it to extract the real password.  it is possible to guess the correct password (usually more easily by socially chosen password guesses than brute force).  password guessing is done by comparing hashed guesses to the known hashed password.

thus, a hashed password is still better than plaintext passwords.  an MD5 password is (i think) better than a standard unix (crypt) password.  and it's always best to shadow your passwd files, so that no one can see the hash values to begin with.
LVL 27

Assisted Solution

wilcoxon earned 132 total points
ID: 8010070
First, MD5 has been deprecated.  You should always use Digest::MD5 (which is included in core perl).

Yes, my previous answer wasn't complete.  Looking at the POD for Digest::MD5, I see that my memory was also faulty (I answered previously without relooking at the docs).

I don't think it is possible to retrieve the input data from a MD5-hash in any manner.  Digest::MD5 takes an arbitrary input of any length and generates a 128-bit "fingerprint" which will virtually always be unique (MD5-hashes are regarded as one of the ultimate ways for testing the uniqueness of files as no two non-duplicate files have ever been found to generate the same two figerprints).

I'm not sure that this would work at all for "encrypting" passwords (unless the input/password is less than 128-bits).  I don't see any methods for retrieving the original input data but one could probably be written given some constraints on the input and an understanding of the MD5 alorithm.

Expert Comment

ID: 8010184
part of the idea behind one-way hashes are that it is mathematically impossible to reverse the algorithm, even if you know the exact nature of it.  that is also assuming the algorithm is airtight... previous algoritms have been known to faulter due to unknown mathematical constraints.  once these "bugs" are discovered (by skilled mathematical genuises working for NSA-like organziations probably), the algorithm is completely ineffective.

anyway, here is a little fact that i found interesting about the MD5 algorithm and it's output hashes.  apparently the greatest test of a hashing algorithm's merit (which MD5 supposively accomplishes) is that if you have a file of large enough size, > 1mb, and change just one byte, then the 128-bit output value will be completely different than what it was before.  you, or any significantly intelligent program, should not be able to distinguish between the hash value that is just a 1byte change, or a completely different file.  this is also quite difficult to implement in a hash algorithm.
LVL 27

Expert Comment

ID: 8010250
Somehow, I think I should stop posting today.  My brain doesn't seem to be working.  :(

I just reread the last paragraph of my last post and immediately noted that it is completely in error.  Of course, it would work for passwords - you just compare the already-hashed password to the hashed "new" password and see if they match (which I believe is how most unix systems handle passwords).

Expert Comment

ID: 8010434
here is a simple perl implementation of how a unix system might confirm a password challenge is correct by comparing hashes.  getpwuid returns /etc/passwd/ info given a uid.  $< is effective user id, or real uid.

one crypt's a plaintext guess, using the hashed real passwd as a "seed".  if the two hashes match, then the guess is correct.  of course this script isn't very effective, as most modern /etc/passwd files mask the passwd hash strings these days.  only root knows.

my $guess = $ARGV[0];

my($loginId, $passwd, $uid, $gid,$quota, $comment,$gcos, $home, $shell) = getpwuid($<);

if($passwd eq crypt($guess,$passwd)){
    print "correct\n";
} else {
    print "incorrect\n";

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many time we need to work with multiple files all together. If its windows system then we can use some GUI based editor to accomplish our task. But what if you are on putty or have only CLI(Command Line Interface) as an option to  edit your files. I…
I have been pestered over the years to produce and distribute regular data extracts, and often the request have explicitly requested the data be emailed as an Excel attachement; specifically Excel, as it appears: CSV files confuse (no Red or Green h…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
Six Sigma Control Plans
Suggested Courses

579 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question