Questions tagged [password-encryption]

Password encryption is the act of securing a password with another password. If your intent is to use passwords for authentication (e.g. for logins), you should look at password hashing instead of encryption. Use this tag for questions about how, or better still whether, to encrypt passwords.

A critical but non-technical problem with password encryption is that legal non-repudiability of transactions is lost, because it ceases to be true that only the password holder could have executed the transaction. This alone should be enough to disqualify password encryption from use almost anywhere.

1091 questions
10
votes
1 answer

Recover a Maven encrypted password?

I have Maven set up for password encryption with a master password, and some time ago I encrypted a password with that and stored it in my settings.xml. The password is successfully in use by Maven plugins. Now I want to recover that password for…
Jesse Glick
9
votes
1 answer

How to solve Password Management - Password in configuration

Hi, I am using HP Fortify to find all vulnerabilities of my app, and now I am trying to solve one that seems basic, but I am not able to do it. The problem is about password in configuration. I have a web application and inside of it in a properties…
cralfaro
9
votes
2 answers

Password encoding and decoding using Spring Security, Spring Boot and MongoDB

I use the software stack mentioned above and I need to encrypt the password before saving it into the database. I also need to decrypt the password because when someone changes their password, he or she needs to give the old password and then the new one twice and I…
quma
9
votes
4 answers

Why is password hashing, e.g. PHP's password_hash, so slow?

I am using password_hash for password encryption. However, there is a strange question: password_hash takes a very long time. Here is some sample code. This code takes more than 1 second. Is that normal?
Lynn
9
votes
3 answers

How do I properly use the "PBEWithHmacSHA512AndAES_256" algorithm?

I'm doing some Java encryption, and cannot figure out a way to properly use the PBEWithHmacSHA512AndAES_256 algorithm. Encryption seems to work fine, but I am unable to properly initialize a decryption cipher. Below is a short program that…
jwd
9
votes
1 answer

AES-256 Password Based Encryption/Decryption in Java

I found a guide for implementing AES encryption/decryption in Java and tried to understand each line as I put it into my own solution. However, I don't fully understand it and am having issues as a result. The end goal is to have passphrase based…
volo_java
9
votes
1 answer

How to make Ubuntu's crypt(3) support Blowfish?

According to the crypt(3) manual, Blowfish (indicated by the $2a$ prefix) is one of the supported cypher methods:

ID | Method
1 | MD5
2a | Blowfish (not in mainline glibc; added in some …
mae
9
votes
2 answers

How to use scrypt to generate hash for password and salt in Python

I would like to use scrypt to create a hash for my users' passwords and salts. I have found two references, but there are things I don't understand about them. They use the scrypt encrypt and decrypt functions. One encrypts a random string and the…
Mitch
8
votes
0 answers

Good practices for storing passwords needed for cronjob?

The title basically says it all, what's a good practice for storing passwords that are needed by a cronjob? For example if you want to run a cron periodically ssh'ing into another machine, you don't just put the user and password plain in the bash…
yspreen
8
votes
1 answer

PHP password_hash(), default or custom salt?

I am thinking of using password_hash() function to encrypt user passwords. I understand that this function generates salt by default if you don't provide it, and it is even encouraged to use the default salt instead of your own. I am currently…
8
votes
1 answer

How to Encrypt String With Public Key and Decrypt with Private Key?

I want to encrypt a password with a key from the server and decrypt the encrypted password on the server side. This is the code I have used in my application: /* * To change this license header, choose License Headers in Project Properties. * To change this…
8
votes
3 answers

Java AES encryption and decryption with static secret

I have an application that needs to store some secret passwords in a configuration file such as database and ftp passwords/detail. I've looked around and found a lot of encryption/decryption solutions using AES, but I can't seem to figure out how to…
Aaron
8
votes
1 answer

Store a key or password securely locally on Android

I'm making an Android application and currently, I have my server username and password written as constants in my code (which is not very secure). I have researched online but I couldn't really find something that would completely secure the…
Pranav
8
votes
5 answers

Safe way to store decryptable passwords

I'm making an application in PHP and there is a requirement that it must be possible to decrypt the passwords in order to avoid problems in the future with switching user database to different system. Consider that it's not possible to modify this…
Jammer
8
votes
2 answers

Password max length with bcrypt, blowfish

My question derives from this: How to hash long passwords (>72 characters) with blowfish. I am using bcrypt (blowfish) to hash the passwords. So, as I found out from this…