Re: [WebDNA] ENCRYPTION problems

This WebDNA talk-list message is from

2012


It keeps the original formatting.
numero = 109273
interpreted = N
texte = Stuart, You can store seed encrypted passwords and then decrypt them for auth purposes (as per Govinda's note), but I think a more safe and standard method is to store salted hash values that can't ever be decrypted.[1] Sometimes systems need to be able to retrieve passwords, so this is not the best in those cases, and you could use WebDNA's encryption instead. When I use a seed, I like to encrypt the seed as well, in a text file, then include it and decrypt the seed to auth against. I'm pretty paranoid in general. ;-) 1. http://en.wikipedia.org/wiki/Salt_%28cryptography%29 christophe.billiottet@webdna.us wrote: > Included in WebDNA 7+ is a strong blowfish algorithm (probably the most secure encrypting system available with WebDNA) > It was also existing in WebDNA 6 but undocumented because there were some problems with it. Problems fixed with WebDNA 7+. > > - chris Blowfish will also be included with upcoming release of WebDNA 6.2.1 Note:, the two WebDNA encryption options (LOKI - WebDNA's default, and Blowfish) will not work together obviously. Both encryption mechanisms are strong kung fu. I haven't personally tested the blowfish fix as of yet. Donovan -- Donovan Brooke WebDNA Software Corporation http://www.webdna.us **[Square Bracket Utopia]** Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] ENCRYPTION problems (Stuart Tremain 2012)
  2. Re: [WebDNA] ENCRYPTION problems (Donovan Brooke 2012)
  3. Re: [WebDNA] ENCRYPTION problems (christophe.billiottet@webdna.us 2012)
  4. Re: [WebDNA] ENCRYPTION problems (Govinda 2012)
  5. [WebDNA] ENCRYPTION problems (Stuart Tremain 2012)
Stuart, You can store seed encrypted passwords and then decrypt them for auth purposes (as per Govinda's note), but I think a more safe and standard method is to store salted hash values that can't ever be decrypted.[1] Sometimes systems need to be able to retrieve passwords, so this is not the best in those cases, and you could use WebDNA's encryption instead. When I use a seed, I like to encrypt the seed as well, in a text file, then include it and decrypt the seed to auth against. I'm pretty paranoid in general. ;-) 1. http://en.wikipedia.org/wiki/Salt_%28cryptography%29 christophe.billiottet@webdna.us wrote: > Included in WebDNA 7+ is a strong blowfish algorithm (probably the most secure encrypting system available with WebDNA) > It was also existing in WebDNA 6 but undocumented because there were some problems with it. Problems fixed with WebDNA 7+. > > - chris Blowfish will also be included with upcoming release of WebDNA 6.2.1 Note:, the two WebDNA encryption options (LOKI - WebDNA's default, and Blowfish) will not work together obviously. Both encryption mechanisms are strong kung fu. I haven't personally tested the blowfish fix as of yet. Donovan -- Donovan Brooke WebDNA Software Corporation http://www.webdna.us **[Square Bracket Utopia]** Donovan Brooke

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

update on wn searching (1997) security (1997) New WebCatalog Version !!! (1997) Parsing webdna variable to javascript (2005) [WebDNA] path traversal (2020) Re(2): typhoon ? (2003) [WebDNA] Fails to recognize comma-separated db (2010) syntax question, not in online refernce (1997) Deleting associated records from 2 different databases (2001) need to delete a database remotely (2000) UnitShopCost (2007) Date Time Oddness (1999) To brighten your day... (2006) searching illegal HTML (2002) Frames and WebCat (1997) sorting by date Y2K mix up (2000) emailer prob (1998) PCS Frames (1997) ASP and WebCatalog ?? (2000) WebCatalog/WebMerchant 2.1 (1998)