Sign In
Create Account
Follow Us on Twitter
Subscribe on Youtube
2
Where store password?
Situation. Exist some application, after it loaded, it's required password for using it.
1 reply to this topic
Back to top|
|
|
#2
Posted 04 November 2010 - 11:57 PM
wim DC
-
- Members
-
- 2,084 posts
Writes binary right handed and hex left handed
- Programming Language:Java, JavaScript, PL/SQL
- Learning:Java
Unless this is something to teach yourself how to write to files. So it's not a big program. You should never store the password itself.
When the password is created it goes trough a so called one-way-hash function.
Imagine the password is : password.
It's then passed to the function and that function returns: 1agd687PFT45D
with a one-way-hash function it's impossible to retrieve the password if you have 1agd687PFT45D.
The thing the hash function returns(1agd687PFT45D) is saved. Be it in a file or database.
Then, when the user wants to login and gives its password. You send it trough the algorithm again, whatever the algorithm returns must be equal to the 1agd687PFT45D that was saved.
This way you store passwords without actually storing them.
When the password is created it goes trough a so called one-way-hash function.
Imagine the password is : password.
It's then passed to the function and that function returns: 1agd687PFT45D
with a one-way-hash function it's impossible to retrieve the password if you have 1agd687PFT45D.
The thing the hash function returns(1agd687PFT45D) is saved. Be it in a file or database.
Then, when the user wants to login and gives its password. You send it trough the algorithm again, whatever the algorithm returns must be equal to the 1agd687PFT45D that was saved.
This way you store passwords without actually storing them.
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
