Old Jun 27th, 2007, 2:04 AM   #1
programmingnoob
what exactly is password encryption?

I mean I know what the term means and what it does...
but should every internet application that requires login information etc use it for password and such?
Old Jun 27th, 2007, 4:28 AM   #2
kruptof
There are other methods of authentication, but username and password I think are the easiest to implement.
Old Jun 27th, 2007, 9:05 AM   #3
Infinite Recursion
Without having a form of secure authentication, encrypted password or otherwise, you are asking for trouble.
Old Jun 27th, 2007, 11:09 AM   #4
Satans_Banjo
Usually with websites, when users sign up to the website and set their password, their password is encrypted in a way that can't be reversed. Then, each time the user enters their password to log in, this password is encrypted in the same way and compared to the encrypted version of the password they provided. If these encrypted passwords match, then the user can enter the website. This way, if someone manages to view the passwords stored in the database, all they can see is the encrypted passwords, and therefore they can't reverse engineer them because that one encrypted password could be the result of several different passwords.
Old Jun 27th, 2007, 11:25 AM   #5
programmingnoob
Quote:
Originally Posted by Satans_Banjo View Post
Usually with websites, when users sign up to the website and set their password, their password is encrypted in a way that can't be reversed. Then, each time the user enters their password to log in, this password is encrypted in the same way and compared to the encrypted version of the password they provided. If these encrypted passwords match, then the user can enter the website. This way, if someone manages to view the passwords stored in the database, all they can see is the encrypted passwords, and therefore they can't reverse engineer them because that one encrypted password could be the result of several different passwords.
that helps.....
so basically it's making sure that even if someone gets hold of the database, he gets nothing that could harm anybody?
cool
Old Jun 27th, 2007, 11:27 AM   #6
Satans_Banjo
Quote:
Originally Posted by programmingnoob View Post
that helps.....
so basically it's making sure that even if someone gets hold of the database, he gets nothing that could harm anybody?
cool
Exactly. Although they would still have people's e-mail addresses, so that could be irritating, but nothing that could be used really maliciously.
Old Jun 27th, 2007, 3:52 PM   #7
programmingnoob
Quote:
Originally Posted by Infinite Recursion View Post
Without having a form of secure authentication, encrypted password or otherwise, you are asking for trouble.
I thought encrypted password was a form of secure authentication =/
Old Jun 27th, 2007, 4:26 PM   #8
Booooze
Quote:
Originally Posted by Satans_Banjo View Post
Exactly. Although they would still have people's e-mail addresses, so that could be irritating, but nothing that could be used really maliciously.
Not exactly all true. Remember the user can always run a brute-force or dictionary attack on the database/file. I remember reading an article where one administrator ran a brute-force attack on a file that contained all the usernames and passwords for a company. It totaled about 800 employees. He broke all the passwords in 3 minutes. Turns out all the users were using extremely common passwords. The article is somewhere on IT Canada I think.
Old Jun 27th, 2007, 4:50 PM   #9
Satans_Banjo
Quote:
Originally Posted by Booooze View Post
Not exactly all true. Remember the user can always run a brute-force or dictionary attack on the database/file. I remember reading an article where one administrator ran a brute-force attack on a file that contained all the usernames and passwords for a company. It totaled about 800 employees. He broke all the passwords in 3 minutes. Turns out all the users were using extremely common passwords. The article is somewhere on IT Canada I think.
Yeah, but all password encryption is susceptible to brute force; it just depends on how long it takes. And dictionary attacks could always be used if people keep simple passwords.
Old Jun 27th, 2007, 5:41 PM   #10
programmingnoob
Quote:
Originally Posted by Booooze View Post
Not exactly all true. Remember the user can always run a brute-force or dictionary attack on the database/file. I remember reading an article where one administrator ran a brute-force attack on a file that contained all the usernames and passwords for a company. It totaled about 800 employees. He broke all the passwords in 3 minutes. Turns out all the users were using extremely common passwords. The article is somewhere on IT Canada I think.
hmmm ... so what do I do to guard against that? =/