passwords

I will be working with very sensitive data in an app. Obfuscation by my definition is not added security, it will only delay the cracker with finite time. Is it possible that Proguard does this so well it may be called added security? What is most sensitive are some network calls. It will be hard to sniff the password because we will generate the password on both sides and check it's validity with timestamps. Problem is the app may be reverse engineered and the generate algorithm may be exploited. It is not possible to keep the algorithm locally in a file because with a rooted phone the

I have a database of hashed passwords that had no salt added before they were hashed. I want to add salt to new passwords. Obviously I can't re-hash the existing ones. How would you migrate to a new hashing system? Sure you can. Just add a salt to the existing hash and hash it again. Of course this will require any future logins to go through the same process meaning two hash functions will need to be called but lots of legitimate patterns do this anyway so it doesn't smell as bad as you might think. Salting a password is an effort to defend against rainbow tables. In this case the salt does

I am facing a problem with my production database. The password expired and although I changed the password, it still says it is expired. Even stranger, I have a production web application and a development web application. Both of them access the same database. The production web application works perfectly, and with the development web application I always get: 10:25:42,919 WARN [JBossManagedConnectionPool] Throwable while attempting to get a new connection: null org.jboss.resource.JBossResourceException: Could not create connection; - nested throwable: (java.sql.SQLException: ORA-28001: the