SHA1 isn't an encryption, it's a hash. A hash is one-way; you can't rehydrate the original data from a hash. Base64 isn't encryption, it's encoding, meaning anyone can decode it.
If you really want to pass the audit, find out from them what hash algorithm will pass. Maybe SHA-512 will pass?

On Tue, 22 Apr 2008 14:12:26 +0000, Paul Cowan <[EMAIL PROTECTED]> wrote:
>Hi,
>
>We have a web application where the username and password are stored in the database. The password is stored as SHA1. We have just been through a security audit which deemed SHA1 to be not the safest encryption algorithm. Is there any way we can update the passwords from SHA1 to base64?
>
>We also need to have the transport running over https, how can we develop against Https without purchasing a certificate?
>
>Is there a [EMAIL PROTECTED]

===================================
This list is hosted by DevelopMentor® http://www.develop.com
View archives and manage your subscription(s) at http://discuss.develop.com
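An added example, not part of the original thread: it contrasts reversible base64 with the one-way SHA-1 values described above and, because those values cannot be turned back into passwords, shows one way to strengthen them in place by wrapping each stored digest in a salted, iterated KDF. The choice of PBKDF2-HMAC-SHA256, the iteration count, and the `pbkdf2-sha1wrap` record format are assumptions made for this sketch.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # assumed work factor; tune for your hardware


def base64_is_reversible(password: str) -> bool:
    """Base64 is an encoding: decoding returns the original bytes, no key needed."""
    encoded = base64.b64encode(password.encode())
    return base64.b64decode(encoded).decode() == password


def legacy_sha1(password: str) -> str:
    """The stored format described in the thread: unsalted SHA-1, hex-encoded."""
    return hashlib.sha1(password.encode()).hexdigest()


def wrap_legacy(sha1_hex: str, salt: Optional[bytes] = None) -> str:
    """Upgrade a stored SHA-1 digest without knowing the password.

    The old digest becomes the input to a salted, iterated KDF, so the
    whole table can be converted offline in a single pass.
    """
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", sha1_hex.encode(), salt, ITERATIONS)
    return f"pbkdf2-sha1wrap${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify(password: str, record: str) -> bool:
    """At login, recompute SHA-1 of the submitted password, then the wrapper."""
    scheme, iters, salt_hex, dk_hex = record.split("$")
    if scheme != "pbkdf2-sha1wrap":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256",
        legacy_sha1(password).encode(),
        bytes.fromhex(salt_hex),
        int(iters),
    )
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(dk_hex))


if __name__ == "__main__":
    stored = legacy_sha1("correct horse")   # constructed sample row
    upgraded = wrap_legacy(stored)
    print(upgraded.split("$")[0], verify("correct horse", upgraded))
```

After the conversion the plain SHA-1 column can be dropped, since `verify` only needs the wrapped record.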