Questions tagged [password-encryption]

Password encryption is the act of securing a password with another password. If your intent is to use passwords for authentication (e.g. for logins), you should look at password hashing instead of encryption. Use this tag for questions about how, or better still whether, to encrypt passwords.

A critical but non-technical problem with password encryption is that legal non-repudiability of transactions is lost, because it ceases to be true that only the password holder could have executed the transaction. This alone should be enough to disqualify password encryption from use almost anywhere.

1191 questions

1342 votes, 26 answers

How should I ethically approach user password storage for later plaintext retrieval?

As I continue to build more and more websites and web applications I am often asked to store users' passwords in a way that they can be retrieved if/when the user has an issue (either to email a forgotten password link, walk them through over the…
Shane

40 votes, 3 answers

Salt and hashing, why not use username?

I must confess to being largely ignorant on most of the high-tech security issues relevant for web applications, but there is one thing I at least thought I could ask because it is a direct question with (hopefully) a concrete answer. Take this…
Lasse V. Karlsen

33 votes, 1 answer

Why is the output of werkzeug's `generate_password_hash` not constant?

When I run werkzeug.security.generate_password_hash("Same password") (docs) multiple times, the output is different each time. What am I doing wrong? Why is it not constant?
Shankar ARUL

27 votes, 4 answers

How to hash password in play framework (maybe with BCrypt)

I'm a bit new to play framework and password hashing. I tried to find some solutions for hashing my passwords and I found BCrypt. Do you think that's good enough for hashing passwords? And if it's good, how can I get it working in the play framework?…

24 votes, 2 answers

Generate a 10-digit TOTP password with a certain key

This problem is related to TOTP as specified in RFC6238 here: https://www.rfc-editor.org/rfc/rfc6238#section-1.2. I am to implement the RFC6238 to generate a 10-digit TOTP password, which will be used in a POST request later on. The sample input and…

24 votes, 4 answers

Hashing a SecureString in .NET

In .NET, we have the SecureString class, which is all very well until you come to try and use it, as to (for example) hash the string, you need the plaintext. I've had a go here at writing a function that will hash a SecureString, given a hash…
Mark Raymond

24 votes, 5 answers

Using encoded password for the datasource used in spring applicationContext.xml

I want to keep an encoded password in my below-mentioned springApplicationContext.xml. Is there any way to achieve this? Presently I have configured all properties using property-placeholder as shown below, but the raw password is still open in my…

23 votes, 1 answer

Why isn't salt required to compare whether password is correct in bcrypt?

I would like to use node.js bcrypt to hash passwords before storing them in the database. This link provides the documentation. https://github.com/kelektiv/node.bcrypt.js Here is an example on hashing the password. var bcrypt =…
guagay_wk

23 votes, 1 answer

Call to undefined function password_hash()

I am running php version 5.4.16 on localhost right now, while I am developing my site. I want to use password_hash(), but I keep getting this error: Fatal error: Call to undefined function password_hash() in /dir/to/file.php on line 123 Why is…

19 votes, 4 answers

Password to key function compatible with OpenSSL commands?

For example, the command: openssl enc -aes-256-cbc -a -in test.txt -k pinkrhino -nosalt -p -out openssl_output.txt outputs something like: key = 33D890D33F91D52FC9B405A0DDA65336C3C4B557A3D79FE69AB674BE82C5C3D2 iv =…
Tudor

19 votes, 2 answers

The proper way of implementing user login system

I want to make a user login system for the purpose of learning. I have several questions. I did some research and found that the proper way of implementing a user login system is to store the user name/id and the encrypted/hashed version of the…
Joey

18 votes, 2 answers

How do I encrypt passwords with PostgreSQL?

I have some problems with encoding passwords. How can I do it? Type of encoding md5 digest(data text, type text) returns bytea; CREATE OR REPLACE FUNCTION md(bytea) returns text AS $$ SELECT encode(digest($1, 'sha1'), 'md5') $$ LANGUAGE SQL…
Karen Manukyan

18 votes, 5 answers

Best practice for storing usernames & password in MySQL Databases

Possible Duplicate: Secure hash and salt for PHP passwords. I am making a system that stores user credentials (email, username and password) in a MySQL database and have seen conflicting views on using encryption, salting and encryption…
Phil Young

17 votes, 2 answers

Maximum length of generated hash when using password_hash?

I'm using password_hash($password, PASSWORD_BCRYPT); to encrypt passwords to store in a database. As I read, there's no length limit on generated hashes, but I need to know the maximum length so I can use it to define the field in my database…
giozh

17 votes, 6 answers

Password encryption with Spring/Hibernate - Jasypt or something else?

In a Java application stack with Spring & Hibernate (JPA) in the Data Access Layer, what are good methods of applying the password encryption (hopefully using annotations), and where can you find out more about getting it done (tutorial, etc)? It's…
stevedbrown