views:

1516

answers:

3

I am writing a perl script that manipulates password protected zip files. Consequently I need to store & retrieve passwords to do this. I have three options for storing the password:

  1. Store in plain text. Before you jump in, I have pretty much ruled out this option.
  2. Use a simple password munger to prevent casual/accidental access (even by the DBAs)
  3. Use a proper encryption/decryption library, such as Blowfish or AES.

Whatever I choose must run in Perl, under Windows and be easy to use.

Any suggestions?

+2  A: 

The main problem with approach 3 is: where do you store the key to the file that contains the passwords? You could use Base64 for approach 2, but that is very easy to "decrypt".

Keltia
Why did that get any down votes? This IS a problem and you need to store the keys somewhere. But even with that issue resolved, how do you keep miscreants from inserting a "warn $password" in your code?
innaM
Exactly. If anyone who can't be trusted with the passwords has access to the machine your script runs on, any encryption is trivially defeated.
jrockway
Thanks for trying to help me point to the root of the problem :)
Keltia
+1  A: 

There should be no question here. You must use a sufficiently strong encryption scheme. You are being entrusted with sensitive data, and you must do everything possible to secure it.

If you are using Windows, you can leverage DPAPI to encrypt the AES key and have it stored in the registry. Perl has modules to interact with Win32 libraries.

The best encryption is subjective; however, AES-128 is sufficiently strong as of Jan 2009 to encrypt your data.

Even the best encryption schemes can be defeated if the user does not fully understand what they are doing.

Alan
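The scheme this answer sketches, as an added example that is not part of the thread or any poster's code: a random AES key is generated once, protected with DPAPI in CurrentUser scope, and only the resulting blob is written to the registry. It is written in PowerShell because that is where DPAPI and the registry are most directly reachable; a Perl script running as the same account would make the equivalent CryptUnprotectData call through a Win32 binding such as Win32::API (the "modules to interact with Win32 libraries" the answer refers to). The registry path HKCU:\Software\ZipTool, the value name AesKey and the entropy string are invented for the example.

```powershell
# Added example, not code from the thread: the scheme Alan describes.
# A random AES key is generated once, protected with DPAPI (CurrentUser
# scope) and the resulting blob, not the key, is written to the registry.
# Assumptions: the path HKCU:\Software\ZipTool, the value name AesKey and
# the entropy string are invented for this example.
Add-Type -AssemblyName System.Security    # System.Security.Cryptography.ProtectedData (DPAPI)

$RegPath   = 'HKCU:\Software\ZipTool'
$ValueName = 'AesKey'
$Scope     = [System.Security.Cryptography.DataProtectionScope]::CurrentUser
# Optional entropy is mixed into the DPAPI derivation. It is not a secret
# that buys much on its own, but other code running as the same user cannot
# unprotect the blob without supplying the same bytes.
$Entropy   = [System.Text.Encoding]::UTF8.GetBytes('ZipTool-key-v1')

function New-ProtectedAesKey {
    # 32 random bytes is an AES-256 key (use 16 for AES-128, as in the answer).
    $key = New-Object byte[] 32
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($key)

    # DPAPI ties the blob to this Windows account's master key; no key
    # material of our own has to be hidden in the script or a config file.
    $blob = [System.Security.Cryptography.ProtectedData]::Protect($key, $Entropy, $Scope)

    if (-not (Test-Path $RegPath)) { New-Item -Path $RegPath -Force | Out-Null }
    Set-ItemProperty -Path $RegPath -Name $ValueName -Value $blob -Type Binary

    # Do not leave the clear key in memory longer than needed.
    [Array]::Clear($key, 0, $key.Length)
}

function Get-AesKey {
    # Read the blob back and ask DPAPI to unprotect it. This only succeeds
    # for code running as the user who protected it (CurrentUser scope);
    # the caller uses the bytes as the key for the AES-encrypted password
    # store and clears them afterwards.
    $blob = (Get-ItemProperty -Path $RegPath -Name $ValueName).$ValueName
    return [System.Security.Cryptography.ProtectedData]::Unprotect($blob, $Entropy, $Scope)
}

# Round trip: what sits in the registry is a DPAPI blob, longer than the
# 32-byte key it wraps and not recoverable without this account's DPAPI
# master key.
New-ProtectedAesKey
$stored = (Get-ItemProperty -Path $RegPath -Name $ValueName).$ValueName
$key    = Get-AesKey
"Registry blob: {0} bytes; recovered AES key: {1} bytes" -f $stored.Length, $key.Length
[Array]::Clear($key, 0, $key.Length)
```

Two caveats a practitioner would check before adopting this. First, the scope: CurrentUser means the script must run under the same Windows account that protected the key (a scheduled task or service under another account will get a failed Unprotect), while LocalMachine would let every account on the box unprotect the blob, which usually defeats the purpose. Second, DPAPI answers the "where do you store the key" question but not the objection raised in the comments above: any process running as that user, including a modified copy of the script, can call Unprotect, so the practical mitigation is a dedicated low-privilege account for the script and tight control over who can run code as it.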
+3  A: 

There are a few Perl encryption packages that run on Windows; you can download the PPMs with the ActivePerl package manager.

You can also use the pure Perl version of those modules (look for the name ending in _PP).

I found those on CPAN:

Mathieu Longtin