numero = 110775
interpreted = N
texte = --089e01536b6a310f7b04e7c82f8a Content-Type: text/plain; charset=UTF-8 Stuart, > [URL][URL][ENCRYPT seed=secret]password-value[/ENCRYPT][/URL][/URL] Hi - that's what I have been using as well. The problem is that if the site is hacked the seed is accessible and all of the passwords are immediately exposed. One client in particular has been advised that passwords should only be stored after being salted and encrypted using a one-way hash. The hash should not be MD5 or SHA1. Their concern is that while a hack would be bad enough to deal with, it would be worse if they ended up exposing all of the users passwords, or were seen not to have taken measures to protect the passwords. I would like to continue to use [encrypt] but I can't figure out what algorithm is used if no seed is specified. - Tom --089e01536b6a310f7b04e7c82f8a Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Hi - that's what I have been using as w= ell. =C2=A0 The problem is that if the site is hacked the seed is accessibl= e and all of the passwords are immediately exposed.
One client in particular has been advised that password= s should only be stored after being salted and encrypted using a one-way ha= sh. =C2=A0 The hash should not be MD5 or SHA1. =C2=A0 Their concern is that= while a hack would be bad enough to deal with, it would be worse if they e= nded up exposing all of the users passwords, or were seen not to have taken= measures to protect the passwords.
I would like to continue to use [encrypt] but I can'= ;t figure out what algorithm is used if no seed is specified.
- Tom
--089e01536b6a310f7b04e7c82f8a--
Associated Messages, from the most recent to the oldest:
--089e01536b6a310f7b04e7c82f8a Content-Type: text/plain; charset=UTF-8 Stuart, > [url][url][ENCRYPT seed=secret]password-value[/ENCRYPT][/URL][/URL] Hi - that's what I have been using as well. The problem is that if the site is hacked the seed is accessible and all of the passwords are immediately exposed. One client in particular has been advised that passwords should only be stored after being salted and encrypted using a one-way hash. The hash should not be MD5 or SHA1. Their concern is that while a hack would be bad enough to deal with, it would be worse if they ended up exposing all of the users passwords, or were seen not to have taken measures to protect the passwords. I would like to continue to use [encrypt] but I can't figure out what algorithm is used if no seed is specified. - Tom --089e01536b6a310f7b04e7c82f8a Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Hi - that's what I have been using as w= ell. =C2=A0 The problem is that if the site is hacked the seed is accessibl= e and all of the passwords are immediately exposed.
One client in particular has been advised that password= s should only be stored after being salted and encrypted using a one-way ha= sh. =C2=A0 The hash should not be MD5 or SHA1. =C2=A0 Their concern is that= while a hack would be bad enough to deal with, it would be worse if they e= nded up exposing all of the users passwords, or were seen not to have taken= measures to protect the passwords.
I would like to continue to use [encrypt] but I can'= ;t figure out what algorithm is used if no seed is specified.
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...