: MCrypt Module, Rijndael-256 An outside company is redoing our company Intranet. During some basic usage I disovered that the "User Edit" screens, with the "Password: *" boxes have the password

An outside company is redoing our company Intranet. During some basic usage I disovered that the "User Edit" screens, with the "Password: *" boxes have the password in plain text, with the text box "type=password" to "hide" the password.

The passwords are not store in the database as plain text, they are stored encrypted using "rijndael-256" cypher using the mcrypt module.

I know that if I encrypt a password with SHA*, the password is "Unrecoverable" via one-way encryption. Is the same of MCrypt Rijndael-256 encryption? Shouldn't an encrypted password be un-recoverable? Are they blowing smoke up my rear or just using the wrong technology?

10.01% popularity Vote Up Vote Down

: Why do I get this error about file not being found? I am getting this error: File does not exist: /var/www/user/home/user/public_html/cgi-sys I have only .html files in the document root. Can

@Kevin317

Posted in: #Apache2

2 Comments

: I'd like to use iframe to videos and contents posted other sites?will I be violating any law Possible Duplicate: Loading another domain's content in a modal iframe - acceptable?

@Kevin317

Posted in: #Blacklist #Seo

1 Comments

: How to correctly handle redirect after site facelift I recently updated our site taking it from a multi-page site to a single page site. The problem now is that when the site is searched in

@Kevin317

Posted in: #Php #Redirects #Sitemap

1 Comments

: Depth of URLs and SEO Possible Duplicate: What is the best stucture of SEO friendly URL? Does the depth of an URL affect SEO/Pagerank? Is there any max or optimal level for URL

@Kevin317

Posted in: #Links #Seo #Url

1 Comments

Login to post a comment!

1 Comments

Sorted by latest first Latest Oldest Best

@Looi9037786

SHA* or MD5 are not encryption. They generate hashes. Hashes are one way, in that once you have something it is unrecoverable (unless you have a known value associated with a known hash). Hashes are ok for non-critical passwords.

You may recall recent news where LinkedIn had a number of accounts stolen. Attackers got a copy of their user table. Their passwords were stored as hashes and using a huge look up tables of all possible values of a type hash, attackers were able to get login credentials for users.

Encryption is the process of using specific mathematical algorithms to turn the data in to 'useless', unintelligible data. Encryption is designed to be reversible. Encryption uses a 'key' to perform the encryption/decryption and as long as you possess that key you can decrypt the encrypted information. If you dispose of/lose the key, the data is useless. In this way, an attacker would need both your data and your encryption key (or alot of time and a sufficiently large number of processors) for the data to be usable.

In short, Encryption is reversible provided you have the key and is preferable to hashing.

10% popularity Vote Up Vote Down

Feed

: MCrypt Module, Rijndael-256 An outside company is redoing our company Intranet. During some basic usage I disovered that the "User Edit" screens, with the "Password: *" boxes have the password

More posts by @Kevin317

: Why do I get this error about file not being found? I am getting this error: File does not exist: /var/www/user/home/user/public_html/cgi-sys I have only .html files in the document root. Can

: I'd like to use iframe to videos and contents posted other sites?will I be violating any law Possible Duplicate: Loading another domain's content in a modal iframe - acceptable?

: How to correctly handle redirect after site facelift I recently updated our site taking it from a multi-page site to a single page site. The problem now is that when the site is searched in

: Depth of URLs and SEO Possible Duplicate: What is the best stucture of SEO friendly URL? Does the depth of an URL affect SEO/Pagerank? Is there any max or optimal level for URL

Login to post a comment!

1 Comments

Back to top | Use Dark Theme