Hi Markus,

As others have mentioned, don’t store CC data unless you really really have to. 
You make a system compromise so much worse if you’ve got CC stuff lying around. 
That said, there’s ERXCryptoString and the ERPrototype by the same name.

For password hashing, the new state of the art is Argon2. Google held a 
password hashing competition and this is the winner.

https://password-hashing.net/

For Java, it looks like you just compile the C and Runtime.exec() the thing. 
I’ll be most interested in seeing this implemented in a browser (a new 
<password> tag perhaps?) and/or ported to JavaScript, because I’ve had a change 
of heart about password hashes recently. Remember that there are three factors 
to authentication,

Something only you are (biometrics)
Something only you have (yubikey)
Something only you know (password)

How is it something *only* you know if you’ve just uploaded it as plaintext to 
some stranger's server on the www? In short, I think hashing should be done 
client side. The salt could be generated using username+domain or something. 
This would also distribute the workload of the slow hash out to the clients, 
preventing the need to have some gigantic beefy password hashing machine.

Ramsey

On Nov 4, 2015, at 2:40 AM, Markus Ruggiero <mailingli...@kataputt.com> wrote:

> Folks,
> 
> another quick question: what are you using for secure storage of passwords 
> and credit card data in a Wonder app? Is there anything in Wonder (probably 
> there is, but it is not always easy to find things), or are you using other 
> things/libs/code? Any code examples?
> 
> Thanks for any hint / pointer /example
> ---markus---
> 
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Webobjects-dev mailing list      (Webobjects-dev@lists.apple.com)
> Help/Unsubscribe/Update your Subscription:
> https://lists.apple.com/mailman/options/webobjects-dev/rgurley%40smarthealth.com
> 
> This email sent to rgur...@smarthealth.com
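
The client-side scheme proposed in the reply above, sketched as an added example that is not part of the original thread or of Wonder. It assumes Node.js, uses scrypt in place of Argon2, and adds a server-side digest step that the reply does not mention; all function names and the sample account are hypothetical.

```javascript
// Added example, not from the thread. scrypt stands in for Argon2 because
// Node's standard library ships scrypt but no Argon2 binding.
const crypto = require('node:crypto');

// Salt from username+domain, as the reply suggests. Fields are length-prefixed
// so ("ab", "c.example") and ("a", "bc.example") cannot collide.
function deriveSalt(username, domain) {
  const u = username.normalize('NFKC').toLowerCase();
  const d = domain.toLowerCase();
  return crypto.createHash('sha256')
    .update(`${u.length}:${u}|${d.length}:${d}`, 'utf8')
    .digest();
}

// Client side: the slow, memory-hard hash runs here (about 16 MiB per call
// with these parameters). Only its 32-byte output is sent to the server.
function clientHash(username, domain, password) {
  return crypto.scryptSync(password.normalize('NFKC'),
    deriveSalt(username, domain), 32, { N: 2 ** 14, r: 8, p: 1 });
}

// Server side: the received value is now the login secret for this site, so
// the server keeps only a digest of it and compares in constant time.
function serverEnroll(received) {
  return crypto.createHash('sha256').update(received).digest();
}

function serverVerify(stored, received) {
  return crypto.timingSafeEqual(stored, serverEnroll(received));
}

// Constructed sample account and passwords.
function demo() {
  const sent = clientHash('Alice', 'shop.example', 'correct horse');
  const stored = serverEnroll(sent);
  return {
    sameUser: serverVerify(stored, clientHash('alice', 'shop.example', 'correct horse')),
    wrongPassword: serverVerify(stored, clientHash('alice', 'shop.example', 'battery staple')),
    reusedOnOtherSite: sent.equals(clientHash('alice', 'other.example', 'correct horse')),
  };
}

console.log(demo());
```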

