[WEB SECURITY] Password Manager with Fingerprint Verification

James Manico jim at manico.net
Wed Jun 8 11:54:45 EDT 2011


In addition to salting and hashing, I would also recommend that you iterate
the hash a few thousand times or more in addition to isolating the salt away
from the hash in some way.

Jim Manico
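
The recommendation above (a per-user salt, a hash iterated thousands of times, and the salt kept apart from the hash) can be sketched as follows. This is an added example, not code from the thread. It uses PBKDF2-HMAC-SHA256 as the iteration construction, and the iteration count, salt length and function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Assumed parameters for this sketch (not from the thread).
ALGORITHM = "sha256"
ITERATIONS = 100_000   # "a few thousand times or more"; tune to your hardware
SALT_BYTES = 16


def hash_password(password, iterations=ITERATIONS):
    """Return (salt, iterations, digest) for a new password.

    The salt is random per user and is returned separately, so the caller
    can store it apart from the digest.
    """
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest


def verify_password(password, salt, iterations, expected_digest):
    """Recompute the iterated hash with the stored salt; compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected_digest)


def needs_rehash(stored_iterations, target=ITERATIONS):
    """True when a stored record used fewer iterations than the current target."""
    return stored_iterations < target


def demo():
    # Constructed sample data: two users who chose the same password.
    pw = "correct horse battery staple"
    salt_a, iters_a, digest_a = hash_password(pw)
    salt_b, iters_b, digest_b = hash_password(pw)
    return {
        "same_password_different_digests": digest_a != digest_b,
        "correct_accepted": verify_password(pw, salt_a, iters_a, digest_a),
        "wrong_rejected": not verify_password("guess", salt_a, iters_a, digest_a),
        "wrong_salt_rejected": not verify_password(pw, salt_b, iters_a, digest_a),
        "old_record_needs_rehash": needs_rehash(2_000),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(name, ok)
```

Storing the iteration count with each record lets the count be raised later: after a successful login, a record flagged by `needs_rehash` can be recomputed with the new count.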

On Jun 7, 2011, at 8:48 PM, Gautam <itsecanalyst at gmail.com> wrote:

I am still trying to get my understanding clear here. Why would you want to
(salted+hash) and then encrypt it? Is just getting a hash not enough? You
can do salted+sha256 and you should be good.

If you want a clear text password, then you might want to encrypt it;
however, it all depends on what the final use of these credentials is. There are
more controls that you would need to get in place if you want to
encrypt-decrypt, and then key management is a big issue that you need to
think about.

G

On Tue, May 31, 2011 at 6:01 PM, <rmc_0306 at hotmail.com> wrote:

> Hello Friends.
>
> I'm a final year student in Computer Security / Forensics. I'm planning to do
> a project which requires me to do encryption and decryption. My possible
> choice of language would be VB.Net. I was wondering if what is running in
> my mind can be executed. Well, I would make an application where a part of it
> will be prompting the guest to register, and I wanted to store the password in
> the database. I did some research and came across salting and hashing. I
> was wondering if it is possible to get the password which the user enters,
> salt it, hash it and encrypt it before I store it in the database. If so,
> what is the best secured strong encryption I can use in VB.Net? Because
> throughout the research I have done, I have seen Rijndael as the most favoured
> encryption algorithm, which a lot of programmers are using. Just a thought on this.
> Kindly advise me. Thank you for your generous help and for reading my query.