password-encryption

I am using jQuery Ajax to login a user. Right now, I use JS to grab the values from the username and password textboxes and send them to a aspx page which checks the credentials. It then returns JSON letting the user know if they are logged in or not. Everything works well, but I noticed while using Firebug that the password was being sent in plain text. What is the best way to encrypt the password? (BTW, I am not on a HTTPS server) Bcrypt could be your friend. And there is also an implementation in Javascript named jsBCrypt . I highly recommend reading this insightful article: Storing

I would like to know the algorithm or technique used by this command (mvn --encrypt-master-password ). Each time I run it produces a different output. I'm assuming that it takes system time as a seed parameter. The encryption mechanism is not in the maven codebase per se. It is located on a library called plexus-cipher . It is always on the maven distribution. Mine is on lib/plexus-cipher-1.7.jar being 3.0.5 the maven version. The actual cipher is AES/CBC/PKCS5Padding . The key for the cipher and IV for the block chaining are derived iterating SHA-256 -ing over the provided password (encoded

I am currently creating application using Java, I googled password encryption with java but the results are so enormous I felt overwhelmed. How would I encrypt and decrypt a password using Java? And what is the best practice for encrypting and decrypting passwords? I am guessing MD5 is not a way to go since it is a one way hash. I am using struts2 as my framework, was wondering if they provide password encryption Updated : Try JBCrypt: String password = "MyPassword123"; String hashed = BCrypt.hashpw(password, BCrypt.gensalt(12)); System.out.println(hashed); // $2a$12$QBx3

When I run werkzeug.security.generate_password_hash("Same password") ( docs ) multiple times, the output is different each time. What am I doing wrong? Why is it not constant? Martijn Pieters The password is salted , yes. The salt is added to the password before hashing, to ensure that the hash isn't useable in a rainbow table attack . Because the salt is randomly generated each time you call the function, the resulting password hash is also different. The returned hash includes the generated salt so that can still correctly verify the password. Demo: >>> from werkzeug.security import generate

A password cannot be specified in unzip ( utils ) function. The other function I am aware of, getZip ( Hmisc ), only works for zip files containing one compressed file. I would like to do something like this to unzip all the files in foo.zip in Windows 8: unzip("foo.zip", password = "mypass") I found this question very useful but saw that no formal answers were posted, so here goes: First I installed 7z. Then I added "C:\Program Files\7-Zip\" to my environment path. I tested that the 7z command was recognized from the command line. I opened R and typed in system("7z x secure.7z -pPASSWORD")

This question already has an answer here: Secure hash and salt for PHP passwords 14 answers I'm working on a website that should be very safe for the users, so I need the hash the passwords. Usually I'm using the MD5, but I read that it doesn't safe anymore. So I tried PHPass, but then I read that it also has been cracked. So I tried password_hash() of PHP 5.5, but I use HostGator, and the PHP there is 5.4. Also I want to be able to add salt without knowing it (like time() * userid() ), like in the password_hash() . The hash strength is very important to me because I want to be 100% sure that