开发者

Is there a way to test if a string is encrypted in perl?

开发者 https://www.devze.com 2023-01-29 08:31 出处:网络
I was wondering if there is a way to \"test\" to see if a particular string is encrypted or not. I am using Crypt::CBC to encrypt a password with Rijndael.

I was wondering if there is a way to "test" to see if a particular string is encrypted or not. I am using Crypt::CBC to encrypt a password with Rijndael.

As it stands my script has a "switch" that is either set as 0 or 1 that tells the script weather or not the password needs to be passed through the decrypt phase in order to be read.

I would like to eliminate that phase if I could.

The reason is I am trying to prevent the users of script from possibly prsenting the script with a situation where the password is encrypted but the 开发者_高级运维"switch" was set to 0 meaning not encrypted because this would create a huge "trainwreck".


change your apps so passwords are only stored encrypted. confusion gone.


Rijndael has a block size of 128-bits so the output will always be a multiple of this.

If the encrypted passwords are hex-encoded then that will give you strings that are a multiple of 32 characters. In fact, with the IV added, the strings will always be at least 64 characters: 128 bits of IV followed by 128 bits of ciphertext block 1.

You could therefore look for strings of the right length that contain only [0-9a-f]. They are probably encrypted because I suspect few people can use a 64-character string of randomness as their real password.

If they're base64 encoded then the strings will be a different length, obviously.

This doesn't guarantee that you can always detect an encrypted password but it's probably not too bad.

0

精彩评论

暂无评论...
验证码 换一张
取 消