Questions tagged [password-encryption]

Password encryption is the act of securing a password with another password. If your intent is to use passwords for authentication (e.g. for logins), you should look at password hashing instead of encryption. Use this tag for questions about how, or better still whether, to encrypt passwords.

A critical but non-technical problem with password encryption is that legal non-repudiability of transactions is lost, because it ceases to be true that only the password holder could have executed the transaction. This alone should be enough to disqualify password encryption from use almost anywhere.

1091 questions

8 votes, 2 answers

Best practice of Hashing passwords

I would like to know which method to use to store passwords in a database. I have implemented it using MD5, but according to some posts SHA1 is more secure. Is there any other method which is more secure? Please help me find the best method to…
Arti

8 votes, 1 answer

How does mvn --encrypt-master-password work?

I would like to know the algorithm or technique used by this command (mvn --encrypt-master-password). Each time I run it, it produces a different output. I'm assuming that it takes system time as a seed parameter.

8 votes, 2 answers

Which implementation of bcrypt is recommended for PHP 5.3?

OK, I finally understand bcrypt, how it works, and how to store it in the DB, so I'm almost good to go. The problem now is picking which implementation of bcrypt to use with PHP 5.3. I'm going crazy looking at all the different solutions, and I'm…
ProgrammerGirl

7 votes, 3 answers

Changing master password that is used for encryption

I want to store some data encrypted, for example like a password manager where your master password unlocks all the underlying app/site passwords. Looking around I found some examples like this, but they seem to use the password as a part of the…

7 votes, 1 answer

PHP password_verify() vs Python bcrypt.hashpw()

So, right to it. I have setup a [simple] PHP REST API where I am receiving a hashed password via the X-API-KEY header key. This works great when interfacing with another PHP script and the phrase is hashed via PHP's password_hash() method. However,…
kdougan

7 votes, 1 answer

What makes openssl_random_pseudo_bytes "cryptographically secure"?

I've always been told that I should use openssl_random_pseudo_bytes when giving passwords a salt. But what I would really love to know, is what makes it cryptographically secure. What is the internal difference between rand, mt_rand and…
thephpdev

7 votes, 2 answers

Correctly using crypt() with SHA512 in PHP

All the examples online show the use of crypt like this: $pass = crypt('something','$6$rounds=5000$anexamplestringforsalt$'); But everyone says that you are not supposed to define the rounds or the salt. So how should I use it? Also I am having a…
ShadowZzz

7 votes, 1 answer

My applications need to send emails, where and how should I store the SMTP password?

It seems like every application I create needs to be able to send the occasional email. E.g. status emails. For this question, assume my application is a backup tool, locally installed on many Windows clients, and each installation needs to send…

7 votes, 2 answers

Can I improve the security of MD5 hashed passwords by salting the existing MD5 hash and hash the result using Scrypt or PBKDF2 HMACSHA256?

I have a database of legacy passwords that were salted and hashed using MD5. I would like to update the system so that the data is more secure. The first option is to transition the users to a new hashing scheme (Salt + Scrypt or PBKDF2 HMACSHA256)…
jpshook

6 votes, 2 answers

Best + Strongest method of encryption for databases

I am storing Passwords and Personal Data in a database. What is the strongest method for encrypting these values for protection? Also, what is the best method for encryption for Credit Card info in a database? Or should I use something else to…
H Bellamy

6 votes, 2 answers

Storing and validating encrypted password for login in Pyramid

I am trying to validate an encrypted password for login purposes in Pyramid. So that if the user and password match then the system will authorize the user. At the moment I am finding it difficult to write a function to compare passwords when one is…
thesayhey

6 votes, 1 answer

How to store password on Android

I am looking to understand Android keystore for the purpose of storing passwords on device. (https://developer.android.com/training/articles/keystore.html) In this article it says "Use the Android Keystore provider to let an individual app store its…

6 votes, 3 answers

How to safely store passwords on Android?

The task is to save the entered password(PasswordStr) or mKey.getEncoded byte[] and later automatically send to the Crypto API (Cipher) SecretKey mKey = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(new…
Mixer

6 votes, 1 answer

Storing credentials for automated use

I've already looked around, and since I'm no security or encryption expert, I am still confused on how to implement encryption in my program. I need a server to log in to its GitHub account to update code files with special headers. The only…
maliddle

6 votes, 2 answers

How to use Spring StandardPasswordEncode and Get Salt Generate?

How do I encrypt a password, insert it into the db, and afterwards do the comparison when he wants to connect? I would use StandardPasswordEncoder from Spring Security 3.1.4 to encrypt my password and insert it into the db. But how do I recover the salt…
MaximeF