Do I need to escape every string and what is the maximum length of an escaped string?

I am trying to store a randomly generated salt in my database with SQL. I have generated this salt in php using this line of code: $salt = mysqli_real_escape_string($this->connection, mcrypt_create_iv(256, MCRYPT_DEV_URANDOM)); As I understand it all strings must be escaped regardless of whether they are derived from user input as...

The error is incorrect username or password even though I've entered the correct credentials

I've created my own way of login.php using hash & salt. When I input a new admin account, the password and seems to be working fine on my phpMyAdmin but when I am calling the hash and salt in my login, the "User doesn't exist" seems to be good. The error is...

SHA256 / SHA512: MySQL Code for Password Hashing and Salting

I need some help understanding how to hash and salt passwords for users in SQL using SHA256 or SHA512. I think for each user I have to generate a different salt? How do I check the password at login and update an existing password in MySQL? I used this resource...

Java - Generating a random salt isn't random

I'm trying to generate a salt in Java to use with a hashing algorithm for secure password storage. I'm using the following code to create the random salt: private static String getSalt() throws NoSuchAlgorithmException { SecureRandom sr = SecureRandom.getInstance("SHA1PRNG"); byte[] salt = new byte[16]; sr.nextBytes(salt); System.out.println(salt.toString()); return salt.toString(); } Which...

Change password script works but doesn't write correct password into database

I have this script for change password: <?php /* Page/Script Created by Shawn Holderfield */ //Establish output variable - For displaying Error Messages $msg = ""; //Check to see if the form has been submitted if (mysql_real_escape_string($_POST['submit'])): //Establish Post form variables $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string(md5($_POST['password'])); $npassword =...

How to generate an md5 hash with a plaintext string and a known salt [duplicate]

This question already has an answer here: MD5 hash with salt for keeping password in DB in C# (4 answers). I have been going crazy trying to figure this out. Is there a simple way in C# to take a string like "password123" and a salt "vfs5%S]m(_*Y+Tk" and generate...

Password hashing with Spring Security

Is it possible to add additional salt to password using Spring Security BCryptPasswordEncoder?

Targeting salt minions using multiple grains

In our infrastructure, we set multiple grains on the minion including an 'environment' and 'component' grain. Based on this, there can be multiple minions with the same component name, each in a different environment. I want to be able to select minions based on multiple grains instead of having to...

Combining salt, docker and Amazon EC2 for hosting Python application

The situation we currently have in our company is: 3 python applications that can be spawned as many times as needed; single Amazon EC2 server that is hosting all those mentioned apps (1 instance of each); CPU utilization ~30%; periodic work we want to have done within 1hr takes 2hr...

JS Twin-Bcrypt salt pattern

I've been exploring Twin-Bcrypt JavaScript library, and found a strange thing. At one moment, I've made my own salt on server side with PHP base64_encode(openssl_random_pseudo_bytes(16)) and used it in TwinBcrypt.hash() function, which responded that salt is invalid because of the regular pattern mismatch in library. So, the pattern is: var...

Is this a bad practice for storing passwords in PHP?

I'm using the crypt function in PHP to hash passwords, along with salt obviously. But I'm generating my salt by calling the md5 function over the date function. And every time the user logs in the salt gets regenerated. Is any of this bad in any way? I am still...

salt created by Java SecureRandom has different getBytes() value [duplicate]

This question already has an answer here: how to convert byte array to string and vice versa (13 answers). I use java SecureRandom to create salt to encrypt user. However, when I tried to match user with salt and password, they failed on a different machine. The user is created...

How do I encrypt password in three layers, SHA1, base64 encode and salt

I want to encrypt and decrypt password with high security. First, the string password will be converted to SHA1, then I also want to add base64 encode and lastly add SALT to it. Is this doable in Java? I have sample code to encode in base64 and sha1...

How to encrypt random value using some unique key in java

Hello I want to encrypt a unique random value using a key in Java. I will send this unique random value to each webservices to make system secure so nobody can hit my web services url on rest client. Please guide me a way to achieve this. Thanks in advance....

Salt in every password Yii

I have a table column called salt and it is a required field but I don't want users to input their own salts. Is there a way for our system to generate a salt for each password which are encrypted via sha1?

How to get WordPress password using hash and salt key?

I forgot my WordPress admin password but I am able to get into my DB and have the hashed password and also I have salt key from my wp-config.php file. Does anyone know how can I get my password back from above details. I tried doing forgot password thing but...

Must I generate an additional salt, even though password_hash() already provides a salt?

In using PHP's native password_hash() function, must (or should) I generate my own salt even though (to my understanding), it can already create a salt as seen here in this example (provided by http://www.php.net): <?php /** * Note that the salt here is randomly generated. * Never use a static...

Error Hashing + Salt password

Someone can help me to fix this problem: TypeError: can't concat bytes to str. I am trying to safely store hash+salt passwords. I think the problem is that my salt is a byte object; how can I transform it into a string? Or is there a way to hash it...

WildFly: randomly salted passwords in Java EE application

What is the WildFly (8.2) way to work with randomly salted passwords stored in a database? Is an implementation of org.jboss.crypto.digest.DigestCallback (in the password validation process) meant to have access to the salt part from the database? Or should I simply hash and salt passwords by myself before handing...

C#, asp.net Passwords are not matching after hashing with salt

I have used hashing with salt for password. Before I implemented hashing, I had a stored procedure which used to check textbox value with the value in Database and the code was working fine. After implementing hashing though the passwords are not matching, I checked the hashed value in database and password...

Using SaltStack grains file with Vagrant

I would like to use minion.d/*.conf to provision a vagrant machine. Here is my Vagrant configuration: Vagrant.configure("2") do |config| ## Choose your base box config.vm.box = "precise64" ## For masterless, mount your salt file root config.vm.synced_folder "salt/roots/", "/srv/salt/" ## Use all the defaults: config.vm.provision :salt do |salt| salt.minion_config = "salt/minion"...

Failed to create Javascript analog of Java method for password hashing using SHA-256 and salt

I've been struggling for a while now by trying to complete next goal: I have a "Reset password" page that is supposed to send new password to the server. I would like to hash it with salt, so I could save it in DB eventually. On Server side I have...

Hash and Salt string in Windows Store App

I have been trying to do a Hash and salt on a password that I have to save on the device. This is a code that I have been using, but I can't find System.Security.Cryptography and the RNGCryptoServiceProvider in the Windows Store Framework. public static string CreateSalt(int size) { var...