Programming Forums


programmingnoob Jun 27th, 2007 3:04 AM

what exactly is password encryption?
 
I mean I know what the term means and what it does...
but should every internet application that requires login information etc use it for password and such?

kruptof Jun 27th, 2007 5:28 AM

There are other methods of authentication, but username and password I think are the easiest to implement.

Infinite Recursion Jun 27th, 2007 10:05 AM

Without having a form of secure authentication, encrypted password or otherwise, you are asking for trouble.

Satans_Banjo Jun 27th, 2007 12:09 PM

Usually with websites, when users sign up to the website and set their password, their password is encrypted in a way that can't be reversed. Then, each time the user enters their password to log in, this password is encrypted in the same way and compared to the encrypted version of the password they provided. If these encrypted passwords match, then the user can enter the website. This way, if someone manages to view the passwords stored in the database, all they can see is the encrypted passwords, and therefore they can't reverse engineer them because that one encrypted password could be the result of several different passwords.

programmingnoob Jun 27th, 2007 12:25 PM

Quote:

Originally Posted by Satans_Banjo (Post 129718)
Usually with websites, when users sign up to the website and set their password, their password is encrypted in a way that can't be reversed. Then, each time the user enters their password to log in, this password is encrypted in the same way and compared to the encrypted version of the password they provided. If these encrypted passwords match, then the user can enter the website. This way, if someone manages to view the passwords stored in the database, all they can see is the encrypted passwords, and therefore they can't reverse engineer them because that one encrypted password could be the result of several different passwords.

that helps.....
so basically it's making sure that even if someone gets hold of the database, he gets nothing that could harm anybody?
cool

Satans_Banjo Jun 27th, 2007 12:27 PM

Quote:

Originally Posted by programmingnoob (Post 129720)
that helps.....
so basically it's making sure that even if someone gets hold of the database, he gets nothing that could harm anybody?
cool

Exactly. Although they would still have people's e-mail addresses, so that could be irritating, but nothing that could be used really maliciously.

programmingnoob Jun 27th, 2007 4:52 PM

Quote:

Originally Posted by Infinite Recursion (Post 129716)
Without having a form of secure authentication, encrypted password or otherwise, you are asking for trouble.

I thought encrypted password was a form of secure authentication =/

Booooze Jun 27th, 2007 5:26 PM

Quote:

Originally Posted by Satans_Banjo (Post 129721)
Exactly. Although they would still have people's e-mail addresses, so that could be irritating, but nothing that could be used really maliciously.

Not exactly all true. Remember the user can always run a brute-force or dictionary attack on the database/file. I remember reading an article where one administrator ran a brute-force attack on a file that contained all the usernames and passwords for a company. It totaled about 800 employees. He broke all the passwords in 3 minutes. Turns out all the users were using extremely common passwords. The article is somewhere on IT Canada I think.

Satans_Banjo Jun 27th, 2007 5:50 PM

Quote:

Originally Posted by Booooze (Post 129729)
Not exactly all true. Remember the user can always run a brute-force or dictionary attack on the database/file. I remember reading an article where one administrator ran a brute-force attack on a file that contained all the usernames and passwords for a company. It totaled about 800 employees. He broke all the passwords in 3 minutes. Turns out all the users were using extremely common passwords. The article is somewhere on IT Canada I think.

Yeah, but all password encryption is susceptible to brute force; it just depends on how long it takes. And dictionary attacks could always be used if people keep simple passwords.

programmingnoob Jun 27th, 2007 6:41 PM

Quote:

Originally Posted by Booooze (Post 129729)
Not exactly all true. Remember the user can always run a brute-force or dictionary attack on the database/file. I remember reading an article where one administrator ran a brute-force attack on a file that contained all the usernames and passwords for a company. It totaled about 800 employees. He broke all the passwords in 3 minutes. Turns out all the users were using extremely common passwords. The article is somewhere on IT Canada I think.

hmmm ... so what do I do to guard against that? =/
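
The sign-up and log-in flow described by Satans_Banjo, together with the brute-force and dictionary concerns raised by Booooze, as an added example that is not part of the original thread: each user gets a random salt, the one-way function is deliberately slow (PBKDF2 here), and common passwords are refused at sign-up. The function names, the iteration count and the small blocklist are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample blocklist (assumption); a real deployment would load a
# large list of known-common passwords.
COMMON_PASSWORDS = {"password", "123456", "12345678", "qwerty", "letmein"}

# Assumed work factor: every guess against a stolen database costs this many
# HMAC-SHA256 rounds, which is what stretches "how long it takes".
ITERATIONS = 600_000


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    """One-way, salted, slow transformation of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def register(db: dict, username: str, password: str) -> None:
    """Sign-up: store salt, work factor and derived value, never the password."""
    if len(password) < 8 or password.lower() in COMMON_PASSWORDS:
        raise ValueError("password is too short or too common")
    salt = secrets.token_bytes(16)  # unique per user, so equal passwords differ
    db[username] = (salt, ITERATIONS, _derive(password, salt, ITERATIONS))


def login(db: dict, username: str, password: str) -> bool:
    """Log-in: repeat the same computation and compare the two results."""
    record = db.get(username)
    if record is None:
        # Do the same amount of work so unknown usernames are not rejected faster.
        _derive(password, b"\x00" * 16, ITERATIONS)
        return False
    salt, iterations, stored = record
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(stored, _derive(password, salt, iterations))


if __name__ == "__main__":
    users = {}
    register(users, "alice", "correct horse battery")
    register(users, "bob", "correct horse battery")
    print("same password, different records:", users["alice"][2] != users["bob"][2])
    print("good login:", login(users, "alice", "correct horse battery"))
    print("bad login:", login(users, "alice", "wrong guess 1234"))
```
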


All times are GMT -5.