FAQ Database Discussion Community


Xenforo Password Authentication Problrm

authentication,password-encryption,password-hash,php-password-hash,xenforo
Following is my password stored hash: $P$Di4MXJKUkkJRfzrpffssNdasSN3XAg0 I am trying to authenticate my Xenforo password like this: $newHash = $crypt($userPass, $stored_hash); return $newHash === $stored_hash; For example: my password is: 123456 my password stored hash is: $P$Di4MXJKUkkJRfzrpffssNdasSN3XAg0 So I am writing following code to authenticate: $newHash = crypt("123456", "$P$Di4MXJKUkkJRfzrpffssNdasSN3XAg0"); return...

Code fails for decrypting without salt or iv in Java

java,security,encryption,aes,password-encryption
I have a ciphertext and a 256-bit key to decrypt it, using AES. There is no salt or iv. I am using Java. I have implemented many of the solutions online, but they all use salts and input vectors. The following builds fine, but fails at runtime: "Salt not found."...

.NET Identity 2.0 with custom salted passwords

asp.net-identity-2,password-encryption
I'm trying to switch to .NET Identity from an old custom membership provider in an existing MVC application, and maintain dapper as the ORM, not EntityFramework which comes out of the box. I'm stuck at trying to implement my own IPasswordHasher, as I need the existing credentials to work. In...

Comparing two encrypted string with blowfish - php [duplicate]

php,password-encryption,blowfish,crypt
This question already has an answer here: PHP Crypt() Compare two crypted strings 5 answers I generated an encrypted string with using blowfish encryption function (crypt()) in php and stored it in database. How can I check correctness of submitted password then? For eg. during registration, I defined my...

Password based encryption-last block incomplete in decryption

java,password-encryption
I have a problem with password based encryption/decryption using PBEWithSHA256And256BitAES-CBC-BC algorithm. When I get to cipher.doFinal i get: javax.crypto.IllegalBlockSizeException: last block incomplete in decryption. public static String encrypt(String salt, String password, byte[] object) throws GeneralSecurityException { PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt.getBytes(), 1000); PBEKeySpec pbeKeySpec = new PBEKeySpec(password.toCharArray()); SecretKeyFactory keyFac =...

Password Digest authentication in WSE3

asmx,password-encryption,wse3.0
I was able to implement the method AuthenticateToken and authenticate the user when the given password is in plain text. Is it possible to authenticate the user when the given password is hashed (Passworddigest)? If so, please shed some light. Thanks in advance....

CakePHP: Encrypt password in config file

cakephp,configuration,password-encryption
I don't want to store my password for my database configuration in plain text in the database.php for revision control reasons. I want something like this: public $default = array( 'datasource' => 'Database/Mysql', 'persistent' => false, 'host' => 'localhost', 'login' => 'root', 'password' => simpleEncryptFunction('v3RyH4rD3NcRyPtEdPaS$wOrD'), 'database' => 'sample', 'prefix' =>...

AES-256 Password Based Encryption/Decryption in Java

java,encryption,passwords,aes,password-encryption
I found a guide for implementing AES encryption/decryption in Java and tried to understand each line as I put it into my own solution. However, I don't fully understand it and am having issues as a result. The end goal is to have passphrase based encryption/decryption. I've read other articles/stackoverflow...

What is lastest standard in Encryption? [closed]

encryption,password-encryption
This question is independent of programming language because I need to update several old projects in a variety of formats. Some are using RC4 and others using RSA. I want to get these projects updated to whatever is the new industry standard for encrypting passwords. Is AES the best now...

ecryptfs - How does the passwd utility update the hash for non-admin password changes?

linux,encryption,passwords,password-encryption,ecryptfs
I have been playing around with ecryptfs to manually mount/unmount a private store via ecryptfs-mount-private and ecryptfs-umount-private. When I'm logged in as a user with ecryptfs configured (ie: username is bob), it asks for my login password for my Linux user account in order to mount the private store. If...

How do i encrypt password in three layers , SHA1, base64 encode and salt

java,base64,sha1,salt,password-encryption
I want to encrypt and decrypt password with high security . First, the string password with be converted to SHA1 , then i also want to add base64 encode and lastly add SALT to it. Is this doable in java? I have sample code to encode in base64 and sha1...

How Do I Separate The Salt from the Hash After Encrypting a Password with bCrypt using Java?

java,hibernate,encryption,bcrypt,password-encryption
OK, I am using Java with Spring MVC and Hibernate. I am using bCrypt for password encryption for the first time. I understand doing in that bCrypt integrates the salt with the hash. I have it set up currently so that the password is accepted as an input, is encoded...

Store a key or password securely locally on android

java,android,security,keystore,password-encryption
I'm making an android application and currently, I have my server username and password written as constants in my code (which is not very secure). I have researched online but I couldn't really find something that would completely secure the password from the user or at least prevent from hackers....

Is it more safe to modify MD5 output?

hash,md5,password-encryption
As an ordinary method, I always used to save MD5 of passwords in database while there are many websites that decode the MD5 hashed data to its original data (using rainbow database). I wonder if it is more safe to modify the output of MD5 function (e.g. omitting the last...