Saving Encrypted Passwords
-
What's the simplest way to encrypt/decrypt a user's plaintext password? I'd like to give them a "Save your password" checkbox so that they won't need to type it again. Saving it as plain text would be a (possibly minor) security flaw, and using a hash wouldn't work because I wouldn't be able to decrypt it before passing it on to the authentication module. Basically, what I'm getting at is: Are there any "standard" encryption methods for use on plain text passwords? (NOTE: The encryption doesn't have to be very strong, just something that gives the text a sufficient "jumbling up" would suffice.) Thanks! :cool: -- Edward Livingston (aka ExtraLean) -- "I still maintain that seeing a nipple is far less disturbing than seeing someone get their brains blown out." -- Chris Maunder
-
Use MD5 encryption. A lot of free C++ libraries provide it, for example here. Tip: you shouldn't decrypt the password :). Instead, in the authentication module, retrieve a password from the user, encrypt it by MD5 and compare it with the saved (encrypted) password. Robert-Antonio "CRAY is the only computer, which runs an endless loop in just 4 hours"
-
Robert A. T. Káldy wrote: "Tip: you shouldn't decrypt the password. Instead, in the authentication module, retrieve a password from user, encrypt it by MD5 and compare it with the saved (encrypted) password."
Yes, that would be the standard way to do it, but the whole point is that I don't want to retrieve a password from the user. I want them to be able to save their password so that it just logs them in after decrypting their saved password. Also, the authentication module is a third party solution, and it expects the password in plain text. Thanks for the input, any other ideas? -- Edward Livingston (aka ExtraLean) -- "I still maintain that seeing a nipple is far less disturbing than seeing someone get their brains blown out." -- Chris Maunder
-
Hmmmm...if you want to save the passwords in a form which can be algorithmically decrypted, it isn't more secure than saving it in plaintext :). If you only want BFU not to read the saved passwords in Notepad, you should use ROT13. It simply rotates the letters by 13 (A->N, B->O etc.). Or use a Vigenere cipher (see here). Robert-Antonio "Science is a differential equation. Religion is a boundary condition."
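
What the two ciphers suggested in the last reply do to a stored password, as an added example that is not part of the original posts: ROT13 has no key and leaves digits and punctuation untouched, and a Vigenere cipher is reversed by anyone who has the key. The sample password, the key and the printable-ASCII alphabet used for the Vigenere variant are assumptions made for the illustration.

```cpp
#include <cctype>
#include <iostream>
#include <string>

// ROT13: rotate ASCII letters by 13; everything else passes through unchanged.
// Applying it twice yields the original text, so there is no key to protect.
std::string rot13(const std::string& in) {
    std::string out = in;
    for (char& c : out) {
        if (c >= 'a' && c <= 'z') c = static_cast<char>('a' + (c - 'a' + 13) % 26);
        else if (c >= 'A' && c <= 'Z') c = static_cast<char>('A' + (c - 'A' + 13) % 26);
    }
    return out;
}

// Vigenere over printable ASCII (0x20..0x7E), so digits and symbols are
// shifted too. decrypt=true reverses the shift with the same key.
std::string vigenere(const std::string& in, const std::string& key, bool decrypt) {
    const int lo = 0x20, span = 0x7F - 0x20;  // 95 printable characters
    std::string out = in;
    if (key.empty()) return out;
    for (std::size_t i = 0; i < out.size(); ++i) {
        int c = static_cast<unsigned char>(out[i]);
        if (c < lo || c >= lo + span) continue;   // leave non-printable bytes alone
        int k = static_cast<unsigned char>(key[i % key.size()]) % span;
        int shifted = decrypt ? (c - lo - k + span) : (c - lo + k);
        out[i] = static_cast<char>(lo + shifted % span);
    }
    return out;
}

// Counts characters that are identical in the stored form and the password.
std::size_t unchanged(const std::string& a, const std::string& b) {
    std::size_t n = 0;
    for (std::size_t i = 0; i < a.size() && i < b.size(); ++i) n += (a[i] == b[i]);
    return n;
}

int main() {
    const std::string password = "Tr0ub4dor&3";   // constructed sample password
    const std::string key = "app-embedded-key";   // hypothetical key shipped with the program
    std::string r = rot13(password), v = vigenere(password, key, false);
    std::cout << "rot13:     " << r << " (" << unchanged(r, password) << " chars in clear)\n"
              << "vigenere:  " << v << "\n"
              << "recovered: " << rot13(r) << " / " << vigenere(v, key, true) << "\n";
}
```

Both stored forms keep the password out of a casual Notepad view, and both are recovered by the same program that wrote them.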