Don't forget you can also add any random string to any value before hashing it,
so if a customer's password is "12345" then you can add "678910" to it
before hashing it and also include this in any hash comparison as
well. This also helps with users who insist on using weak passwords.
On Thu, Oct 2
On Thu, Oct 20, 2011 at 12:26 PM, <> wrote:
> Furthermore, a hash value cannot be decrypted, then the passwords in the
> database are 100% protected.
>
They are certainly not 100% protected.
I've been using bCrypt lately with good results. More secure than an
unsalted hash, iterations and sal
On Thu, Oct 20, 2011 at 9:39 AM, Justin Scott wrote:
>
>> Furthermore, a hash value cannot be decrypted, then the
>> passwords in the database are 100% protected.
I once looked up my password on Google and there it was. It wasn't a
common word either, but something along the lines of 8y8B*&
I
> Furthermore, a hash value cannot be decrypted, then the
> passwords in the database are 100% protected.
It's true that a hash can't be "decrypted" in the traditional sense,
but attackers have been building lists of pre-hashed common words to
compare hashes against for years (go search for "rai
As long as they both use the same Hash algorithm
http://livedocs.adobe.com/coldfusion/8/functions_h-im_01.html
You'll need to verify what hash your SQL system is using,
Here are the docs for MS SQL Server
http://msdn.microsoft.com/en-us/library/ms174415.aspx
On Thu, Oct 20, 2011 at 9:29 AM,
> Actually you don't need to decrypt passwords at all. For something
> like passwords you could use HASH store them in the data base. Then to
> check to see that a user's password is correct, also convert that to a
> hash value and compare hash value to hash value. At least, that's how I
> do i
> If you use the same "settings" - algorithm and key they should be
> compatible.
So for instance, if I do an md5 hash update on all of the passwords in sql, I
can use the CF MD5 hash to check the password when a user logs in?
>>For something like passwords you could use HASH store them in the data base.
Furthermore, a hash value cannot be decrypted, then the passwords in the
database are 100% protected.
Actually you don't need to decrypt passwords at all. For something like
passwords you could use HASH store them in the data base. Then to check to see
that a user's password is correct, also convert that to a hash value and compare
hash value to hash value. At least, that's how I do it.
Some sa
If you use the same "settings" - algorithm and key they should be
compatible.
On 10/20/11 9:13 AM, Torrent Girl wrote:
> Hi All.
>
> I have what may be a dumb question.
>
> I am going through the process of encrypting passwords in an existing
> database but I am doing it via a CF template where
Hi All.
I have what may be a dumb question.
I am going through the process of encrypting passwords in an existing database
but I am doing it via a CF template where I retrieve the top 5 records,
loop over them and update each record with an encrypted value. I know, I
know
I am doin