Topic: Password encryption

Offline FPF-SCM_TraceyG_XC

  • Empress of the Empire
  • Commander
  • *
  • Posts: 2543
  • Gender: Female
Password encryption
« on: November 29, 2005, 02:13:02 am »
A question for the programmers...

If you were going to write a program that stored passwords in a database, what encryption method (if any) would you use?
Captain FPF-TraceyG, Federation Protection Fleet


SFC2.net Admin member
SFC3.net Admin member
Voting member of the DGA
Member of XenoCorp, Squadron Commodore

Offline Bonk

  • Commodore
  • *
  • Posts: 13298
  • You don't have to live like a refugee.
Re: Password encryption
« Reply #1 on: November 29, 2005, 07:52:00 am »
SHA256 is the new standard, as I understand it.

http://www.dynaverse.net/forum/index.php/topic,163360317.msg1122624384.html#msg1122624384

In particular:
http://www.php.net/manual/en/ref.mhash.php

But it depends on the database really. MySQL is only using a 45 byte password hash for its own accounts, so encrypting beyond that may be redundant... but I suppose if someone hacked into the db it might be useful if the passwords you stored there were more deeply encrypted than the db accounts themselves...

But for most purposes the good old MD5 hash will do, unless you expect elite haxors to get into your db..

Offline FPF-SCM_TraceyG_XC

Re: Password encryption
« Reply #2 on: November 30, 2005, 12:31:27 pm »
Thanks for the reply, Bonk.  :)

Offline Dracho

  • Global Moderator
  • Rear Admiral
  • *
  • Posts: 18289
  • Gender: Male
Re: Password encryption
« Reply #3 on: November 30, 2005, 12:38:35 pm »
Triple DES..

Blowfish is also okay. http://www.schneier.com/blowfish.html
The worst enemy of a good plan is the dream of a perfect plan.  - Karl von Clausewitz

Offline Bonk

Re: Password encryption
« Reply #4 on: November 30, 2005, 04:08:04 pm »
Is it legal to use DES outside the US yet?

That is pretty much the raison d'etre for the Canadian OpenBSD out of Winnipeg, no?

Offline FPF-SCM_TraceyG_XC

Re: Password encryption
« Reply #5 on: November 30, 2005, 07:57:47 pm »
Well, whether it is legal or not, if I write the code myself then how can the use of an algorithm be policed? lol

The inspiration for my question came from a documentary I was watching on the Discovery channel the other day about the American Civil War. The Confederates were using a code that was almost ancient and was cracked by the North. Despite that, it was actually an interesting method for encoding messages, but far too easy to crack these days.

Offline Dracho

Re: Password encryption
« Reply #6 on: December 01, 2005, 07:04:20 am »
Quote from: Bonk
    Is it legal to use DES outside the US yet?

    That is pretty much the raison d'etre for the Canadian OpenBSD out of Winnipeg, no?

DES (not Triple-DES) has already been cracked.