Timeline for A question about storing passwords
Current License: CC BY-SA 3.0
7 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Sep 18, 2013 at 18:23 | comment | added | recursion.ninja | Put a table in the database with data to verify the correct decryption. Also, I'm pretty sure your DBMS will alert you if the database file your attempting to load is incorrectly formatted (not correctly decrypted). | |
| Sep 15, 2013 at 17:56 | comment | added | Bill Door | I believe it is also the case that many decryption algorithms can detect that the data being decrypted is incorrect. | |
| Sep 15, 2013 at 17:55 | comment | added | Bill Door | The challenge is determining that the password in fact is decrypting the file. In some cases there are reasonably simple checks that can be done with the decrypted data to ensure that the data is correct. I have also worked with systems that included well known data or well known checks into the data file. That data can be used to determine if the password is in fact correct. It is best if there is some inherent check to the structure or contents of the file, as well known data in the file can be used with a plain text attack. | |
| Sep 14, 2013 at 16:22 | review | First posts | |||
| Sep 14, 2013 at 19:26 | |||||
| Sep 14, 2013 at 16:17 | history | edited | recursion.ninja | CC BY-SA 3.0 | Added additional security thoughts to the OP's probelm |
| Sep 14, 2013 at 16:09 | history | edited | recursion.ninja | CC BY-SA 3.0 | added a note about security abstraction |
| Sep 14, 2013 at 16:03 | history | answered | recursion.ninja | CC BY-SA 3.0 |