password-storage

Password hashing - Industry Standards

爷,独闯天下 提交于 2020-01-04 13:59:50
问题 I know there are probably a lot of questions like this already. But, I really haven't found the definite answer for my question. I know that passwords are stored in the database with a prepended random salt followed by the hashed password. The value of the password is actually never known (by the server and thus the server admins). What is the standard hashing algorithm ? I know cryptography is a dynamic field and changes with time. So I'm asking what's the current industry standard for

Castle ActiveRecord / NHibernate - Password Encryption or Hashing

一世执手 提交于 2019-12-25 00:09:43
问题 What is the proper way to work with Passwords you don't want to store in clear text in a database? What are my options in NHibernate / Castle ActiveRecord? UPDATE: I was interested in how others handle this with NHibernate / Castle ActiveRecord. And if there was anything built into NHibernate or Castle ActiveRecord. 回答1: Hash the password. Don't encrypt - it's complex and/or unsafe. There's no conceivable circumstance in which it wouldn't be OK to reset the password based on some other

Is there a standard to store username and password in WP7 applications?

谁都会走 提交于 2019-12-20 09:37:07
问题 I would like to ask if there is a standard to store username and password in a Windows Phone application. I am working on a project that validates the user on every request that is called. So, I want to store the username and password. Maybe even give them the possibility to "remember me", so if there isn't a standard for doing that, I will have to write it myself, but I'm guessing that Microsoft has a build-in one. 回答1: Use ProtectedData. I found this example on Kevin D. Wolf's

SALT and HASH using pbkdf2

拟墨画扇 提交于 2019-12-20 08:49:17
问题 I am using the following methods to create a salted and hashed password from the crypto lib in nodejs: crypto.randomBytes(size, [callback]) crypto.pbkdf2(password, salt, iterations, keylen, callback) For the randomBytes call (creating the SALT) what size should I use? I have heard 128-bit salts, maybe up to 256-bit. It looks like this function uses a size in bytes so can I assume a size of 32 (256 bits) is sufficient? For the pbkdf2 call, what is a good number of iterations and what is a good

Update object properties

▼魔方 西西 提交于 2019-12-20 04:45:09
问题 I'm using Struts 2, my problem is that I don't want to update all my object properties because I got some sensitive data. Here is my code example public class person { private name; private email; private password; } In my form for example I display the name and email for update ,so when I update my person properties after submission ,the password property of the person gets the value null,but when I put the property password in the <s:hidden> tag in the form the update works fine. How to

Sequelize: don't return password

孤街醉人 提交于 2019-12-17 22:14:59
问题 I'm using Sequelize to do a DB find for a user record, and I want the default behavior of the model to not return the password field for that record. The password field is a hash but I still don't want to return it. I have several options that will work, but none seems particularly good: Create a custom class method findWithoutPassword for the User model and within that method do a User.find with the attributes set as shown in the Sequelize docs Do a normal User.find and filter the results in

Why not use MD5 for password hashing?

て烟熏妆下的殇ゞ 提交于 2019-12-17 06:49:15
问题 I have a friend which is a white hat hacker. He says that md5 is not really that bad and actually is really secure, just if we use it properly. I believe that he is right. As I know, there is 3 ways to break hashes: Using Rainbow tables (Which can be secured against by a long/random salt) Collision (Which can be prevented by multiple salts or hashes - as in example bellow) Generation time (Which is not much important if we use a long enough salt value per each user - AFAIK) I and my friend

Safely store credentials between website visits

倾然丶 夕夏残阳落幕 提交于 2019-12-09 19:05:16
问题 I'm building a website which allows users to create accounts and access the site's content. I don't want users to log in each time they visit the site, so I'm planning on storing the username and password in a cookie -- however, I've heard this is bad practice, even if the password is hashed in the cookie. What "best practices" should I follow to safely remember of a users credentials between visits to my website? 回答1: Don't ever do that. Throwing around passwords in the open. Safest method:

Is there a standard to store username and password in WP7 applications?

拥有回忆 提交于 2019-12-02 19:11:17
I would like to ask if there is a standard to store username and password in a Windows Phone application. I am working on a project that validates the user on every request that is called. So, I want to store the username and password. Maybe even give them the possibility to "remember me", so if there isn't a standard for doing that, I will have to write it myself, but I'm guessing that Microsoft has a build-in one. Use ProtectedData . I found this example on Kevin D. Wolf's efficientcoder.net : public static String Password { get { if (IsolatedStorageSettings.ApplicationSettings.Contains(STR

SALT and HASH using pbkdf2

折月煮酒 提交于 2019-12-02 16:18:57
I am using the following methods to create a salted and hashed password from the crypto lib in nodejs: crypto.randomBytes(size, [callback]) crypto.pbkdf2(password, salt, iterations, keylen, callback) For the randomBytes call (creating the SALT) what size should I use? I have heard 128-bit salts, maybe up to 256-bit. It looks like this function uses a size in bytes so can I assume a size of 32 (256 bits) is sufficient? For the pbkdf2 call, what is a good number of iterations and what is a good length for the key (keylen)? Also, for storage I have seen examples of storing the salt, length,