
comp.lang.ruby

storing encrypted password in to database

Pragash Mr.

8/8/2008 10:12:00 AM

Hi,
I want to store encrypted password in to database....
If you have any solution plz reply

Thanx in advance
--
Posted via http://www.ruby-....

4 Answers

kranthi reddy

8/8/2008 11:01:00 AM

0

[Note: parts of this message were removed to make it a legal post.]

You can store the encrypted password along with the salt with which you
encrypt it. If this password is for the login system then you can have a look
at the plugin salted hash generator.
kranthi

On Fri, Aug 8, 2008 at 3:42 PM, Pragash Mr.
<gananapragasam@srishtisoft.com> wrote:

> Hi,
> I want to store encrypted password in to database....
> If you have any solution plz reply
>
> Thanx in advance
> --
> Posted via http://www.ruby-....
>
>

Rick Fiorentino

8/8/2008 12:28:00 PM

0

Pragash Mr. wrote:
> Hi,
> I want to store encrypted password in to database....
> If you have any solution plz reply
>
> Thanx in advance


hash_pw = Digest::MD5.hexdigest(params[:name] + params[:password])

Using the unique login name and password eliminates duplicates if a
couple users decide to use the same password.
--
Posted via http://www.ruby-....

Shashank Agarwal

8/8/2008 1:23:00 PM

0

Rick Fiorentino wrote:
> Pragash Mr. wrote:
>> Hi,
>> I want to store encrypted password in to database....
>> If you have any solution plz reply
>>
>> Thanx in advance
>
>
> hash_pw = Digest::MD5.hexdigest(params[:name] + params[:password])
>
> Using the unique login name and password eliminates duplicates if a
> couple users decide to use the same password.

Like MD5, there's SHA1 as well. You'll be fine using either with
salting.

Digest::SHA1.hexdigest(string)
--
Posted via http://www.ruby-....

Eric I.

8/8/2008 3:38:00 PM

0

On Aug 8, 8:28 am, Rick Fiorentino <rfiorent...@charter.net> wrote:
> hash_pw = Digest::MD5.hexdigest(params[:name] + params[:password])
>
> Using the unique login name and password eliminates duplicates if a
> couple users decide to use the same password.

Salt (http://en.wikipedia.org/wiki/Salt_%28crypt...) serves the
same purpose.

If you use salt then you have to store it in your db as well (or be
able to derive it from other data in the db entry that will not
change).

If you use the user name as your salt, then if you allow users to
change their user names, you have to re-prompt them for their password
(because you didn't keep it sitting around in memory since they logged
in, did you?).

Also, Pragash, the answers you're finding here may not be what you
were expecting (based on how you phrased your question). By using a
digest (or cryptographic hash or one-way function -- all the same
thing), you provide no easy means of re-deriving the password from
what was stored in the database. You asked about an "encrypted
password", which can imply an encryption key that could be used to
perform a decryption to re-generate the password from the data stored
in the database. You're clearly after high security, so using a digest
+salt is generally the way to go.

Eric

====

Ruby training and Rails training available at http://Lea... .
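
An added example, not code from any post in this thread: the "digest + salt stored in the db" scheme discussed above, with two substitutions named plainly. The salt is a random per-user value instead of the login name, and the single MD5/SHA1 digest is replaced by PBKDF2-HMAC-SHA256 from Ruby's OpenSSL standard library. The `USERS` hash standing in for the database table, the helper names, and the iteration count are assumptions made for this sketch.

```ruby
require 'openssl'
require 'securerandom'

# Assumed cost parameters for this sketch; tune the iteration count for your hardware.
ITERATIONS = 200_000
KEY_LEN    = 32

# Stand-in for a users table (constructed for the example): name => stored record.
USERS = {}

# Deliberately slow salted hash of the password (PBKDF2-HMAC-SHA256).
def derive(password, salt, iterations)
  OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: iterations,
                           length: KEY_LEN, hash: 'sha256')
end

# Store salt, iteration count and digest together; the password itself is never stored.
def register(name, password)
  salt = SecureRandom.random_bytes(16)
  USERS[name] = { salt: salt.unpack1('H*'),
                  iterations: ITERATIONS,
                  digest: derive(password, salt, ITERATIONS).unpack1('H*') }
end

# Recompute with the stored salt and compare in constant time.
def authenticate(name, password)
  rec = USERS[name]
  return false unless rec
  salt = [rec[:salt]].pack('H*')
  candidate = derive(password, salt, rec[:iterations]).unpack1('H*')
  OpenSSL.secure_compare(candidate, rec[:digest])
end

# Because the salt is independent of the login name, a rename does not
# invalidate the stored digest and needs no password re-prompt.
def rename(old_name, new_name)
  USERS[new_name] = USERS.delete(old_name)
end
```

Storing the iteration count in each record lets the cost be raised later for new or re-hashed entries without breaking existing logins.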