Re: [WebDNA] ENCRYPTION problems
This WebDNA talk-list message is from 2012
It keeps the original formatting.
numero = 109273
interpreted = N
texte = Stuart,You can store seed encrypted passwords and then decrypt them for auth purposes (as per Govinda's note), but I think a more safe and standard method is to store salted hash values that can't ever be decrypted.[1] Sometimes systems need to be able to retrieve passwords, so this is not the best in those cases, and you could use WebDNA's encryption instead. When I use a seed, I like to encrypt the seed as well, in a text file, then include it and decrypt the seed to auth against. I'm pretty paranoid in general. ;-)1. http://en.wikipedia.org/wiki/Salt_%28cryptography%29christophe.billiottet@webdna.us wrote:> Included in WebDNA 7+ is a strong blowfish algorithm (probably the most secure encrypting system available with WebDNA)> It was also existing in WebDNA 6 but undocumented because there were some problems with it. Problems fixed with WebDNA 7+.>> - chrisBlowfish will also be included with upcoming release of WebDNA 6.2.1Note:, the two WebDNA encryption options (LOKI - WebDNA's default, and Blowfish) will not work together obviously. Both encryption mechanisms are strong kung fu. I haven't personally tested the blowfish fix as of yet.Donovan-- Donovan BrookeWebDNA Software Corporationhttp://www.webdna.us**[Square Bracket Utopia]**
Associated Messages, from the most recent to the oldest:
Stuart,You can store seed encrypted passwords and then decrypt them for auth purposes (as per Govinda's note), but I think a more safe and standard method is to store salted hash values that can't ever be decrypted.[1] Sometimes systems need to be able to retrieve passwords, so this is not the best in those cases, and you could use WebDNA's encryption instead. When I use a seed, I like to encrypt the seed as well, in a text file, then include it and decrypt the seed to auth against. I'm pretty paranoid in general. ;-)1. http://en.wikipedia.org/wiki/Salt_%28cryptography%29christophe.billiottet@webdna.us wrote:> Included in WebDNA 7+ is a strong blowfish algorithm (probably the most secure encrypting system available with WebDNA)> It was also existing in WebDNA 6 but undocumented because there were some problems with it. Problems fixed with WebDNA 7+.>> - chrisBlowfish will also be included with upcoming release of WebDNA 6.2.1Note:, the two WebDNA encryption options (LOKI - WebDNA's default, and Blowfish) will not work together obviously. Both encryption mechanisms are strong kung fu. I haven't personally tested the blowfish fix as of yet.Donovan-- Donovan BrookeWebDNA Software Corporationhttp://www.webdna.us**[Square Bracket Utopia]**
Donovan Brooke
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
can we reset Linux file permissions w/in [shell] ? (2000)
WebCat2b13MacPlugIn - [showif][search][/showif] (1997)
Separate SSL Server (1997)
Further tests with the infamous shipCost (1997)
upgrading (1997)
Q: writefile and uploads. (1998)
Database changes (1998)
Smart caching problems with 2.1b3? (1997)
variables in or out of includes (2001)
Help! WebCat2 bug (1997)
Typhoon 4 -- yes or no? (2000)
[cart] not being interpreted inside [founditems] (1997)
Founditems (1998)
Help!!!! (1999)
Getting the domain of every request ... (2003)
OLD ORDERS (1998)
WC2.0 Memory Requirements (1997)
NT version (1997)
Part Html part WebDNA (1997)
Public beta 2 for WebCatalog 4.0 is now available. (2000)