Re: Encrypting passwords




SD <SD@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> I have an application where a user enters a password, which is to
> be used the next time the user wants to invoke the application.
> The password is to be encrypted before being stored in the
> registry. Since I'm new to encryption, could someone point
> me to some sample to do this? I would just need simple XOR
> encryption/decryption.

Do you need the actual value of the password at run-time (if so, what
for?), or do you just need to verify that the password the user has
entered is the correct one? In the latter case, it is much better to
store a one-way hash of the password (preferably salted and stretched)
than the password itself, however well encrypted. If you encrypt, then
you have another problem - how to store the encryption key securely -
and you are essentially back where you started.

See CryptCreateHash, CryptHashData
--
With best wishes,
Igor Tandetnik

With sufficient thrust, pigs fly just fine. However, this is not
necessarily a good idea. It is hard to be sure where they are going to
land, and it could be dangerous sitting under them as they fly
overhead. -- RFC 1925
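
The salted and stretched one-way hash suggested in the reply above, as an added example that is not part of the original post and is not the poster's code. It uses PBKDF2 from Python's hashlib rather than the CryptCreateHash/CryptHashData calls the post names; the record format, parameter values and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed parameters for this example (not from the post).
ALGORITHM = "sha256"
ITERATIONS = 600_000        # stretching work factor; tune to your hardware
MAX_ITERATIONS = 10_000_000 # refuse absurd counts from a tampered record
SALT_BYTES = 16
PREFIX = "pbkdf2-sha256"    # hypothetical tag identifying the record format


def make_record(password: str, iterations: int = ITERATIONS) -> str:
    """Return the string to store (e.g. in a registry value) instead of the password."""
    salt = secrets.token_bytes(SALT_BYTES)  # fresh random salt for every password
    digest = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"), salt, iterations)
    return f"{PREFIX}${iterations}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and iteration count, then compare."""
    try:
        prefix, iter_text, salt_hex, digest_hex = record.split("$")
        iterations = int(iter_text)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed or truncated record: fail closed
    if prefix != PREFIX or not 1 <= iterations <= MAX_ITERATIONS:
        return False
    if not salt or len(expected) != hashlib.new(ALGORITHM).digest_size:
        return False
    actual = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(actual, expected)  # constant-time comparison


if __name__ == "__main__":
    stored = make_record("example passphrase")  # constructed sample input
    print(stored)
    print(verify("example passphrase", stored), verify("wrong guess", stored))
```

No key has to be kept anywhere: the stored record alone is enough to check a password, and it cannot be reversed into the password except by guessing, which the iteration count makes slow.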

