salt

node.js how to repreduce PHP MD5 encryption

只谈情不闲聊 提交于 2019-12-07 08:18:59
问题 I'm converting an existing php based website to a node.js app, and I need to reproduce this encryption method from php to js. private static $_passwordSalt = 'd2g6IOP(U(&§)%U§VUIPU(HN%V/§§URerjh0ürfqw4zoöqe54gß0äQ"LOU$3wer'; public static function getCryptedPassword($password = 'password') { return sha1(md5(self::$_passwordSalt.$password)); } So far I've tried this but it does not return the same results: UserSchema.methods.hashPassword = function(password) { var salt = 'd2g6IOP(U(&§

Unique Salt per User using Flask-Security

☆樱花仙子☆ 提交于 2019-12-07 02:18:15
问题 After reading here a bit about salting passwords, it seems that it's best to use a unique salt for each user. I'm working on implementing Flask-Security atm, and from the documentation it appears you can only set a global salt: ie SECURITY_PASSWORD_SALT = 'thesalt' Question: How would one go about making a unique salt for each password? Thanks! edit: from the docs on Flask-Security, I found this, which seems to again suggest that this module only uses a single salt for all passwords out of

What is the point of salt and hashing if database is accessible?

心不动则不痛 提交于 2019-12-06 21:56:58
问题 I just learned the concept of hashing ("Hey! don't forget the salt!") and using salt to make the password secured. Hashing it is a one way encryption (actually not encryption but hashing) so it cannot be reversed engineered. Salting is prefixing or appending randomly created values to the password before hashing 'coz the problem in hashing (just hashing) is, some genius has provided a hash table of words from the dictionary so that they'll just compare the hash from that dictionary to the

comparing salt and hashed passwords during login doesn't seem work right

可紊 提交于 2019-12-06 15:44:38
问题 I stored salt and hash values of password during user registration... But during their login i then salt and hash the password given by the user, what happens is a new salt and a new hash is generated.... string password = collection["Password"]; reg.PasswordSalt = CreateSalt(6); reg.PasswordHash = CreatePasswordHash(password, reg.PasswordSalt); These statements are in both registration and login.... salt and hash during registration was eVSJE84W and 18DE22FED8C378DB7716B0E4B6C0BA54167315A2

ASP.NET password hashing and password salt

我是研究僧i 提交于 2019-12-06 14:51:51
问题 I'm creating a custom "add user" page in ASP.Net web forms and have hit a problem. I can insert all the data into the membership table but the passwords are stored in plain text and the password salt has been hardcoded. How do i go about hashing the passwords so that users can log in (as the membership framework checks for a password hash and not a clear text password). Also, is the salt completely random or is it linked to the password hash somehow? Any help would be greatly appreciated,

PHP storing password with blowfish & salt & pepper

£可爱£侵袭症+ 提交于 2019-12-06 14:42:39
问题 I want to store secure user passwords in a MySQL database with PHP. How can I make it better? My Class: private static $algo = '$2a'; private static $cost = '$10'; private static $pepper = 'eMI8MHpEByw/M4c9o7sN3d'; public static function generateSalt($length) { $randomBinaryString = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM); $randomEncodedString = str_replace('+', '.', base64_encode($randomBinaryString)); return substr($randomEncodedString, 0, $length); } public static function

Spring Security 3 + Random Salt

扶醉桌前 提交于 2019-12-06 11:09:44
So I understand that you can check a password in Spring Security with salt based on a userDetail property and then hash it to compare to a hash in the database, however what if the salt used when creating each user is random (and is stored in the DB), would I need to create my own userDetails class that contains a salt property and then set that as the field spring security uses to salt with in the securityApplicationContext? If so how would I go about writing my own userDetails class to accomplish that? Sorry still pretty new to Spring/Java. Ok but then how do I tell the

PHP crypt(pass, salt) alternative in Java - Blowfish algorithm

*爱你&永不变心* 提交于 2019-12-06 08:59:19
问题 I'm using on php server function crypt like this: $hash = crypt($password, '$2y$10$' . $salt); It makes hash of password by Blowfish method. I'm looking for java equivalent for crypt password. I found this code, but I don't know where add $salt. More above: String key = "abcd"; SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(), "Blowfish"); Cipher cipher = Cipher.getInstance("Blowfish"); cipher.init(cipher.ENCRYPT_MODE, keySpec); return DatatypeConverter.printBase64Binary(cipher

User Login with a single query and per-user password salt

这一生的挚爱 提交于 2019-12-06 07:51:13
问题 I've decided to implement a user login using a per-user salt, stored in the database. The salt is prefixed to a password which is hashed with SHA and stored in the databse. In the past when I wasn't using a salt I would use the typical method of counting the number of rows returned by a query using the user inputted username and password. With a per user salt however, you need to get the salt before you can compare it with the stored password hash. So to avoid having two queries (1 to get the

Correct way of creating salted hash password

守給你的承諾、 提交于 2019-12-06 05:25:18
I am new to storing passwords on databases and from what I read I have created a simple php script below <?php $salt = openssl_random_pseudo_bytes (16); $password = "test"; $hash = hash ("sha512" , $salt . $password); echo $hash; ?> Am I doing this correctly? Should the salt be stored in databases as byte datatype? Should the final hash be stored at String datatype in database? The SHA* algorithms are not appropriate to hash passwords, because they are ways too fast, and therefore can be brute-forced too fast. Instead one should use a slow algorithm like BCrypt or PBKDF2 with a cost factor,
订阅 salt