The best approach is to hash the passwords instead of encrypting them, because encryption makes key management an issue.

Benefits of storing passwords as salted hashes:

· Real passwords are never stored, displayed or logged in the system
· Salts make dictionary attacks very impractical, because the salts are random and it is very difficult to generate a precomputed hash table
· It is easier to implement, as there is no need for key management

A general approach would be like this (when storing):

· Generate a long random salt using a cryptographically strong function such as SecureRandom in Java when the user registers for the first time
· Use the above salt and hash it with the user’s chosen password using standard and ...