storing encrypted password in to database

Pragash Mr.

Hi,
I want to store encrypted password in to database....
If you have any solution plz reply

Thanx in advance
 
kranthi reddy

[Note: parts of this message were removed to make it a legal post.]

You can store the encrypted password along with the salt with which you
encrypt it. If this password is for the login system then you can have a look
at the plugin salted hash generator.
kranthi
 
Rick Fiorentino

Pragash said:
Hi,
I want to store encrypted password in to database....
If you have any solution plz reply

Thanx in advance


hash_pw = Digest::MD5.hexdigest(params[:name] + params[:password])

Using the unique login name and password eliminates duplicates if a
couple users decide to use the same password.
 
Shashank Agarwal

Rick said:
Pragash said:
Hi,
I want to store encrypted password in to database....
If you have any solution plz reply

Thanx in advance


hash_pw = Digest::MD5.hexdigest(params[:name] + params[:password])

Using the unique login name and password eliminates duplicates if a
couple users decide to use the same password.

Like MD5, there's SHA1 as well. You'll be fine using either with
salting.

Digest::SHA1.hexdigest(string)
 
Eric I.

hash_pw = Digest::MD5.hexdigest(params[:name] + params[:password])

Using the unique login name and password eliminates duplicates if a
couple users decide to use the same password.

Salt (http://en.wikipedia.org/wiki/Salt_(cryptography)) serves the
same purpose.

If you use salt then you have to store it in your db as well (or be
able to derive it from other data in the db entry that will not
change).

If you use the user name as your salt, then if you allow users to
change their user names, you have to re-prompt them for their password
(because you didn't keep it sitting around in memory since they logged
in, did you?).

Also, Pragash, the answers you're finding here may not be what you
were expecting (based on how you phrased your question). By using a
digest (or cryptographic hash or one-way function -- all the same
thing), you provide no easy means of re-deriving the password from
what was stored in the database. You asked about an "encrypted
password", which can imply an encryption key that could be used to
perform a decryption to re-generate the password from the data stored
in the database. You're clearly after high security, so using a digest
+salt is generally the way to go.

Eric

====

Ruby training and Rails training available at http://LearnRuby.com .
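
The salted-digest storage discussed in this thread, as an added example that is not part of any post above: each user gets a random salt stored beside the digest, so a user name change needs no password re-prompt and identical passwords produce different stored values. It swaps the single MD5/SHA1 pass for PBKDF2-HMAC-SHA256 from Ruby's OpenSSL library; the iteration count, key length, field names and sample users are assumptions made for the example.

```ruby
require 'openssl'
require 'securerandom'

ITERATIONS = 100_000 # assumed work factor for this example
KEY_LEN    = 32      # digest length in bytes (assumed)

# Build the fields to store in the user's row: salt, iteration count, digest.
def hash_password(password, salt: SecureRandom.random_bytes(16), iterations: ITERATIONS)
  raw = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, KEY_LEN,
                                   OpenSSL::Digest.new('SHA256'))
  { salt: salt.unpack1('H*'), iterations: iterations, digest: raw.unpack1('H*') }
end

# Compare two hex strings without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Recompute the digest from the stored salt and the submitted password.
def verify_password(password, record)
  salt = [record[:salt]].pack('H*')
  candidate = hash_password(password, salt: salt, iterations: record[:iterations])
  secure_equal?(candidate[:digest], record[:digest])
end

# Constructed sample data: two users who picked the same password.
def demo
  users = { 'alice' => hash_password('tr0ub4dor&3'),
            'bob'   => hash_password('tr0ub4dor&3') }
  users['alice2'] = users.delete('alice') # rename: salt is not tied to the name
  {
    same_digest:   users['alice2'][:digest] == users['bob'][:digest],
    renamed_login: verify_password('tr0ub4dor&3', users['alice2']),
    wrong_login:   verify_password('guess', users['bob'])
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```

Storing the iteration count in each row lets the work factor be raised later without invalidating existing records.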
 
