Storing encrypted password in to database

Hi,
I want to store encrypted password in to database…
If you have any solution plz reply

Thanx in advance

You can store the encrypted password along with the salt with which you
encrypt it. If this password is for the login system then you can have a
look at the plugin salted hash generator.
kranthi

On Fri, Aug 8, 2008 at 3:42 PM, Pragash Mr. wrote:

Hi,
I want to store encrypted password in to database…
If you have any solution plz reply

Thanx in advance

hash_pw = Digest::MD5.hexdigest(params[:name] + params[:password])

Using the unique login name and password eliminates duplicates if a
couple users decide to use the same password.

On Fri Aug 8 19:12:04 2008, Pragash Mr. wrote:

Hi,
I want to store encrypted password in to database…
If you have any solution plz reply

Thanx in advance

This[1] is an excellent module for password hashing.

[1] http://www.zacharyfox.com/blog/ruby-on-rails/password-hashing

Rick F. wrote:

Pragash Mr. wrote:

Hi,
I want to store encrypted password in to database…
If you have any solution plz reply

Thanx in advance

hash_pw = Digest::MD5.hexdigest(params[:name] + params[:password])

Using the unique login name and password eliminates duplicates if a
couple users decide to use the same password.

Like MD5, there’s SHA1 as well. You’ll be fine using either with
salting.

Digest::SHA1.hexdigest(string)

On Aug 8, 8:28 am, Rick F. wrote:

hash_pw = Digest::MD5.hexdigest(params[:name] + params[:password])

Using the unique login name and password eliminates duplicates if a
couple users decide to use the same password.

Salt (see "Salt (cryptography)" on Wikipedia) serves the
same purpose.

If you use salt then you have to store it in your db as well (or be
able to derive it from other data in the db entry that will not
change).

If you use the user name as your salt, then if you allow users to
change their user names, you have to re-prompt them for their password
(because you didn’t keep it sitting around in memory since they logged
in, did you?).

Also, Pragash, the answers you’re finding here may not be what you
were expecting (based on how you phrased your question). By using a
digest (or cryptographic hash or one-way function – all the same
thing), you provide no easy means of re-deriving the password from
what was stored in the database. You asked about an “encrypted
password”, which can imply an encryption key that could be used to
perform a decryption to re-generate the password from the data stored
in the database. You’re clearly after high security, so using a digest
+salt is generally the way to go.

Eric

====

Ruby training and Rails training available at http://LearnRuby.com .
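
The digest+salt scheme discussed in this thread, as an added example that is not code from any of the posters: each user gets a random salt that is stored next to the hash, and login recomputes the hash from the stored salt. It swaps the single MD5/SHA1 round shown above for PBKDF2-HMAC-SHA256 from Ruby's bundled OpenSSL library; the iteration count and the `:salt`/`:hash` field names are assumptions.

```ruby
require "openssl"
require "securerandom"

ITERATIONS = 100_000 # assumed work factor; raise it as far as login latency allows
KEY_LEN    = 32      # bytes of derived key to store

# Derive the value to store. A fresh random salt is generated per user unless
# one is passed in (which is what verification does with the stored salt).
def hash_password(password, salt = SecureRandom.random_bytes(16))
  key = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, KEY_LEN,
                                   OpenSSL::Digest.new("SHA256"))
  { salt: salt.unpack1("H*"), hash: key.unpack1("H*") } # hex, for two text columns
end

# Compare without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Recompute with the salt stored in the row and compare to the stored hash.
def verify_password(password, record)
  salt = [record[:salt]].pack("H*")
  secure_equal?(hash_password(password, salt)[:hash], record[:hash])
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample data: two users who picked the same password.
  users = { "alice" => hash_password("correct horse"), "bob" => hash_password("correct horse") }
  users.each { |name, row| puts "#{name}: salt=#{row[:salt]} hash=#{row[:hash]}" }
  puts "stored hashes differ: #{users['alice'][:hash] != users['bob'][:hash]}"
  puts "alice logs in: #{verify_password('correct horse', users['alice'])}"
  puts "wrong password: #{verify_password('correct horsf', users['alice'])}"
end
```

Because the salt here is independent of the login name, a user can be renamed without being re-prompted for the password.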