Re: [WebDNA] Best practice re: password storage

This WebDNA talk-list message is from

2013


It keeps the original formatting.
numero = 110774
interpreted = N
texte = Tom, I don't know what method WebDNA standard encryption uses, but whenever I encrypt I use blowfish because I find the output "prettier" and easier to deal with since I don't have to fiddle with all the [url]ing, but that's just me. [url][url][encrypt seed=secret]salt-value.password-value[/encrypt][/url][/url] 5%258D%25EE%2540%2596%25C6%25A5%2515%25D4h%25E6%255C%25DDO%2528%257C%25ABT%25B7%25C8%251B%252Aj%25F4%25AF%25B8/0%25B0%25D9uY vs. [encrypt seed=secret&method=blowfish]salt-value.password-value[/encrypt] 8c13ab1401786f015b64821c6920756a082d91a7090cdf170ffd995ebf5de1fd -Dan Strong http://www.DanStrong.com On 10/2/2013 1:34 PM, Stuart Tremain wrote: > Tom > > Anything that encrypt I do like this: > > > [URL][URL][ENCRYPT seed=secret]password-value[/ENCRYPT][/URL][/URL] > > Very straight forward in the docs: http://www.webdna.us/page.dna?numero=83 > > > If you are wanting to have these encrypted passwords portable to other systems then you will have to look at other methods. > > > > > > On 03/10/2013, at 6:20 AM, Tom Duke wrote: > >> Hi all, >> >> I've been reading up recently on password hashing with salts etc, and I'm hoping to implement a process that I can then document and outline to clients. >> >> My problem is I can't determine from the docs what encryption method is used when implementing 'standard' WebDNA encryption. >> >> So if I store passwords using a one way hash with: >> >> [encrypt]salt-value.password-value[/encrypt] >> >> can anyone tell me what algorithm is used? >> >> Also how are other people handing password storage? >> >> Thanks >> - Tom >> >> >> --------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: archives: http://mail.webdna.us/list/talk@webdna.us Bug Reporting: support@webdna.us > --------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > archives: http://mail.webdna.us/list/talk@webdna.us > Bug Reporting: support@webdna.us Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Best practice re: password storage (Dan Strong 2013)
  2. Re: [WebDNA] Best practice re: password storage (Tom Duke 2013)
  3. Re: [WebDNA] Best practice re: password storage (Dan Strong 2013)
  4. Re: [WebDNA] Best practice re: password storage (WebDNA 2013)
  5. Re: [WebDNA] Best practice re: password storage (Dan Strong 2013)
  6. Re: [WebDNA] Best practice re: password storage (WebDNA 2013)
  7. Re: [WebDNA] Best practice re: password storage (Dan Strong 2013)
  8. Re: [WebDNA] Best practice re: password storage (Dan Strong 2013)
  9. Re: [WebDNA] Best practice re: password storage (WebDNA 2013)
  10. Re: [WebDNA] Best practice re: password storage (Bill DeVaul 2013)
  11. Re: [WebDNA] Best practice re: password storage (Donovan Brooke 2013)
  12. Re: [WebDNA] Best practice re: password storage (Stuart Tremain 2013)
  13. Re: [WebDNA] Best practice re: password storage (Tom Duke 2013)
  14. Re: [WebDNA] Best practice re: password storage (Stuart Tremain 2013)
  15. Re: [WebDNA] Best practice re: password storage (Tom Duke 2013)
  16. Re: [WebDNA] Best practice re: password storage (Dan Strong 2013)
  17. Re: [WebDNA] Best practice re: password storage (Dan Strong 2013)
  18. Re: [WebDNA] Best practice re: password storage (Stuart Tremain 2013)
  19. Re: [WebDNA] Best practice re: password storage (Tom Duke 2013)
  20. Re: [WebDNA] Best practice re: password storage (Dan Strong 2013)
  21. Re: [WebDNA] Best practice re: password storage (Stuart Tremain 2013)
  22. [WebDNA] Best practice re: password storage (Tom Duke 2013)
Tom, I don't know what method WebDNA standard encryption uses, but whenever I encrypt I use blowfish because I find the output "prettier" and easier to deal with since I don't have to fiddle with all the [url]ing, but that's just me. [url][url][encrypt seed=secret]salt-value.password-value[/encrypt][/url][/url] 5%258D%25EE%2540%2596%25C6%25A5%2515%25D4h%25E6%255C%25DDO%2528%257C%25ABT%25B7%25C8%251B%252Aj%25F4%25AF%25B8/0%25B0%25D9uY vs. [encrypt seed=secret&method=blowfish]salt-value.password-value[/encrypt] 8c13ab1401786f015b64821c6920756a082d91a7090cdf170ffd995ebf5de1fd -Dan Strong http://www.DanStrong.com On 10/2/2013 1:34 PM, Stuart Tremain wrote: > Tom > > Anything that encrypt I do like this: > > > [url][url][ENCRYPT seed=secret]password-value[/ENCRYPT][/URL][/URL] > > Very straight forward in the docs: http://www.webdna.us/page.dna?numero=83 > > > If you are wanting to have these encrypted passwords portable to other systems then you will have to look at other methods. > > > > > > On 03/10/2013, at 6:20 AM, Tom Duke wrote: > >> Hi all, >> >> I've been reading up recently on password hashing with salts etc, and I'm hoping to implement a process that I can then document and outline to clients. >> >> My problem is I can't determine from the docs what encryption method is used when implementing 'standard' WebDNA encryption. >> >> So if I store passwords using a one way hash with: >> >> [encrypt]salt-value.password-value[/encrypt] >> >> can anyone tell me what algorithm is used? >> >> Also how are other people handing password storage? >> >> Thanks >> - Tom >> >> >> --------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: archives: http://mail.webdna.us/list/talk@webdna.us Bug Reporting: support@webdna.us > --------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > archives: http://mail.webdna.us/list/talk@webdna.us > Bug Reporting: support@webdna.us Dan Strong

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

WebCat2 - Getting to the browser's username/password data (1997) Rumpus/Typhoon modules included in Typhoon ... (1997) rename a file (1997) Multi vendor shop (2000) Backwards list behavior ... (1997) More on the email templates (1997) [OT]: BBEdit grep (2003) Credit card processing - UK (1997) Creating results.... (2003) Multiple prices (1997) [WebDNA] encoding with webdna/JS, in context of various file encodings/charsets (2010) Emailer port change (1997) [AppendFile] problem (WebCat2b13 Mac .acgi) (1997) (2000) Re[2]: Base64 encryption limitations? (1999) Large database on Mac OS X Server (2000) Testing (2003) A little syntax help (1997) [WebDNA] Installing 6.0 onto Server 2008 (2011) WebCat2 as a chat server? (1997)