Re: [WebDNA] ENCRYPTION problems

This WebDNA talk-list message is from

2012


It keeps the original formatting.
numero = 109273
interpreted = N
texte = Stuart, You can store seed encrypted passwords and then decrypt them for auth purposes (as per Govinda's note), but I think a more safe and standard method is to store salted hash values that can't ever be decrypted.[1] Sometimes systems need to be able to retrieve passwords, so this is not the best in those cases, and you could use WebDNA's encryption instead. When I use a seed, I like to encrypt the seed as well, in a text file, then include it and decrypt the seed to auth against. I'm pretty paranoid in general. ;-) 1. http://en.wikipedia.org/wiki/Salt_%28cryptography%29 christophe.billiottet@webdna.us wrote: > Included in WebDNA 7+ is a strong blowfish algorithm (probably the most secure encrypting system available with WebDNA) > It was also existing in WebDNA 6 but undocumented because there were some problems with it. Problems fixed with WebDNA 7+. > > - chris Blowfish will also be included with upcoming release of WebDNA 6.2.1 Note:, the two WebDNA encryption options (LOKI - WebDNA's default, and Blowfish) will not work together obviously. Both encryption mechanisms are strong kung fu. I haven't personally tested the blowfish fix as of yet. Donovan -- Donovan Brooke WebDNA Software Corporation http://www.webdna.us **[Square Bracket Utopia]** Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] ENCRYPTION problems (Stuart Tremain 2012)
  2. Re: [WebDNA] ENCRYPTION problems (Donovan Brooke 2012)
  3. Re: [WebDNA] ENCRYPTION problems (christophe.billiottet@webdna.us 2012)
  4. Re: [WebDNA] ENCRYPTION problems (Govinda 2012)
  5. [WebDNA] ENCRYPTION problems (Stuart Tremain 2012)
Stuart, You can store seed encrypted passwords and then decrypt them for auth purposes (as per Govinda's note), but I think a more safe and standard method is to store salted hash values that can't ever be decrypted.[1] Sometimes systems need to be able to retrieve passwords, so this is not the best in those cases, and you could use WebDNA's encryption instead. When I use a seed, I like to encrypt the seed as well, in a text file, then include it and decrypt the seed to auth against. I'm pretty paranoid in general. ;-) 1. http://en.wikipedia.org/wiki/Salt_%28cryptography%29 christophe.billiottet@webdna.us wrote: > Included in WebDNA 7+ is a strong blowfish algorithm (probably the most secure encrypting system available with WebDNA) > It was also existing in WebDNA 6 but undocumented because there were some problems with it. Problems fixed with WebDNA 7+. > > - chris Blowfish will also be included with upcoming release of WebDNA 6.2.1 Note:, the two WebDNA encryption options (LOKI - WebDNA's default, and Blowfish) will not work together obviously. Both encryption mechanisms are strong kung fu. I haven't personally tested the blowfish fix as of yet. Donovan -- Donovan Brooke WebDNA Software Corporation http://www.webdna.us **[Square Bracket Utopia]** Donovan Brooke

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

can we reset Linux file permissions w/in [shell] ? (2000) WebCat2b13MacPlugIn - [showif][search][/showif] (1997) Separate SSL Server (1997) Further tests with the infamous shipCost (1997) upgrading (1997) Q: writefile and uploads. (1998) Database changes (1998) Smart caching problems with 2.1b3? (1997) variables in or out of includes (2001) Help! WebCat2 bug (1997) Typhoon 4 -- yes or no? (2000) [cart] not being interpreted inside [founditems] (1997) Founditems (1998) Help!!!! (1999) Getting the domain of every request ... (2003) OLD ORDERS (1998) WC2.0 Memory Requirements (1997) NT version (1997) Part Html part WebDNA (1997) Public beta 2 for WebCatalog 4.0 is now available. (2000)