password-encryption

问题 I have some problems with encoding passwords,how can I do it. Type of encoding md5 digest(data text, type text) returns bytea; CREATE OR REPLACE FUNCTION md(bytea) returns text AS $$ SELECT encode(digest($1, 'sha1'), 'md5') $$ LANGUAGE SQL STRICT IMMUTABLE; INSERT INTO "login"(login, password, employee_id) VALUES ( 'email',crypt('password', md('md5')), 1); *** Error ** * ERROR: syntax error at or near "digest" SQL state: 42601 Character: 1 回答1: digest(data text, type text) returns bytea; is

问题 My first question is, I've heard that hashing the string 2 times (e.g. sha1(sha1(password)) ), because the second hash has a fixed length, is it true?? My the second question is, which is safer? (var1 and var2 are 2 strings): sha1(var1 + sha1(var2)) sha1(var1 + var2) If it is the 1st one, is it worth the performance cost? 回答1: By hashing the string twice, you are increasing the risk of collisions, which is bad security-wise. Instead of having an infinite amount of inputs leading to 2 128

问题 I am creating a database for a website I've just developed but I need to encrypt my passwords. I've never encrypted passwords before and I don't know how to do it, I've searched google and a lot of websites but all they do is confuse me. Here is my Sproc: CREATE TABLE USERS( Username Nvarchar(200) PRIMARY KEY NOT NULL, Password Nvarchar(200) NOT NULL, EmailPassword Nvarchar(200) NOT NULL, UsernamePassword Nvarchar(200) NOT NULL ) CREATE TABLE Usernames( Username Nvarchar(200) FOREIGN KEY

问题 I am trying to validate an encrypted password for login purposes in Pyramid. So that if the user and password match then the system will authorize the user. At the moment I am finding it difficult to write a function to compare passwords when one is encrypted in the database and the the password being entered into Pyramid's login form is unencrypted. Right now, I have no verification occurring in the login view. I am new to this entire process of working with security measures/code and want

问题 Closed . This question needs to be more focused. It is not currently accepting answers. Want to improve this question? Update the question so it focuses on one problem only by editing this post. Closed 5 years ago . I am using jQuery Ajax to login a user. Right now, I use JS to grab the values from the username and password textboxes and send them to a aspx page which checks the credentials. It then returns JSON letting the user know if they are logged in or not. Everything works well, but I

问题 I hash my inserted passwords via password_hash. I verify them by using password_verify. However when I insert a hashed password in my database and I try to verify it, both outputs always differ from eachother. my pages are as following, main_login.php (form): <?php include 'header.php';?> <body> <form role="form" method="post" action="login.php"> <div class="form-group"> <label for="usrname">Username:</label> <input type="text" class="form-control" name="usrname" placeholder="Enter username">

问题 A password cannot be specified in unzip ( utils ) function. The other function I am aware of, getZip ( Hmisc ), only works for zip files containing one compressed file. I would like to do something like this to unzip all the files in foo.zip in Windows 8: unzip("foo.zip", password = "mypass") 回答1: I found this question very useful but saw that no formal answers were posted, so here goes: First I installed 7z. Then I added "C:\Program Files\7-Zip\" to my environment path. I tested that the 7z

问题 I'm doing some Java encryption, and cannot figure out a way to properly use the the PBEWithHmacSHA512AndAES_256 algorithm. Encryption seems to work fine, but I am unable to properly initialize a decryption cipher. Below is a short program that demonstrates the issue. In particular, see the "PROBLEM" comment. Note: I have seen this very helpful answer, and I can get things to work using that scheme, but I'm curious to know what I'm doing wrong here. import java.nio.charset.StandardCharsets;

问题 let's assume that I am listening a network , and I acquired some bits, but I want to know if there is a way to determine bits are encrypted ? what method or algorithm exists ? I mean if the bits are meaningless, it means encrypted but is there are more technical approach or algorithm to determine from bits let's say I have 0101010100001011001001100001001, how would you tell that if this is encrypted ? 回答1: Generally speaking, you can't. Encrypted data is, in almost all cases,

问题 I'm writing a QML client for a service that needs authentication with a username and password. At the moment I am using a c++ plugin to encrypt and decrypt the password, but I'd like to replace that with plain QML to avoid the platform-specific binary. Not an option: hard-coding an encryption key (since that could be extracted from the package) hashing (since I need to be able to recover the password in plain-text) security by obscurity (obviously) 回答1: There is this type of question from