Author |
Topic  |
|
wim
Starting Member
15 Posts |
Posted - 04 June 2001 : 14:33:31
|
Hi,
Would it be a good idea to start encrypting the user passwords? Not only for someone who hijacks the database but also for the forum operator who can't inadvertently see the passwords used.
Wim --
http://www.win2kwereld.nl
|
|
redbrad0
Advanced Member
    
USA
3725 Posts |
Posted - 04 June 2001 : 17:33:41
|
quote:
forum operator who can't inadvertently see the passwords used.
This is a good idea, however with having it where admins cannot see the passwords, I don't think it should be something that is looked into. The reason for this is most people that use this forum learn ASP so they can edit the forum. With enough playing around, they can figure out how to decode the passwords easily.
Brad |
 |
|
Doug G
Support Moderator
    
USA
6493 Posts |
Posted - 04 June 2001 : 19:25:22
|
quote: ...they can figure out how to decode the passwords easily
Not really.
I encrypt passwords in some VB apps in the database using xp's. There are component-based encryptions for ASP, but I haven't found a good script-only one yet.
====== Doug G ====== |
 |
|
wim
Starting Member
15 Posts |
Posted - 08 June 2001 : 08:54:19
|
quote:
quote:
forum operator who can't inadvertently see the passwords used.
This is a good idea, however with having it where admins cannot see the passwords, I don't think it should be something that is looked into. The reason for this is most people that use this forum learn ASP so they can edit the forum. With enough playing around, they can figure out how to decode the passwords easily.
Brad
Currently the passwords are quite easy to see, even if you're not interested in them. It would be better if they were obscured. Also, encryption would make it a bit more difficult to gain access to the passwords by unauthorized persons.
My major point is that passwords should not be EASILY viewable. I understand that somebody with complete control can gain access to them anyway, but that is not a major problem to me.
Wim --
http://www.win2kwereld.nl
|
 |
|
Hawnz
Starting Member
27 Posts |
Posted - 08 June 2001 : 09:26:00
|
I wouldn't mind looking into encrypting my passwords on the site; I've also thought about encrypting the passwords that are written to the cookies too.
Hawnz
 |
 |
|
tilttek
Junior Member
 
Canada
333 Posts |
Posted - 08 June 2001 : 10:13:16
|
quote:
This is a good idea, however with having it where admins cannot see the passwords, I don't think it should be something that is looked into. The reason for this is most people that use this forum learn ASP so they can edit the forum. With enough playing around, they can figure out how to decode the passwords easily.
I'm working on it... I will release a Security MOD really soon... Using many encryption technologies, and in ASP only, no COM, no external program.
But I have some difficulty, because usually good encryption techniques use memory movement, and in ASP you can't.
So I'm working on an alternate way to do this, without losing too much speed. I know that it will be used on small strings, but it might be used for other tasks later, like encrypting private messages.
Philippe Gamache http://www.tilttek.com http://www.lapageamelkor.com |
 |
|
bjlt
Senior Member
   
1144 Posts |
Posted - 12 June 2001 : 13:44:58
|
quote:
I'm working on it... I will release a Security MOD really soon...
Do you have any idea when you will complete it? I'd also like to know what features are included. Really need such a mod. |
 |
|
tilttek
Junior Member
 
Canada
333 Posts |
Posted - 12 June 2001 : 14:18:13
|
quote:
Do you have any idea when you will complete it? I'd also like to know what features are included. Really need such a mod.
One-way encryption (MD5) for PW. Blowfish encryption for cookies.
You will be able to use the two encryptions for any other parts of your site, like private messages...
As for time, I'm not sure; I don't have much time on hand for now... And because Blowfish uses binary transformations, it is a little more difficult to do in ASP. C, C++ is easy... VB is medium, but VBScript is missing some useful functions.
Philippe Gamache http://www.tilttek.com http://www.lapageamelkor.com |
 |
|
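As an added example (not part of the thread or of Snitz's code): one way to convert a member table that holds readable passwords to one-way storage, so an operator browsing the table sees only salts and hashes and logins are checked by recomputation. It uses salted PBKDF2-HMAC-SHA256 rather than the bare MD5 mentioned above; the `members` table, its columns, the iteration count and the sample rows are assumptions constructed for the illustration.

```python
import hashlib, hmac, os, sqlite3

ITERATIONS = 100_000  # assumed work factor; raise it as far as login latency allows

def hash_password(password):
    """Return (salt_hex, hash_hex); a fresh random salt per member."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex(), dk.hex()

def verify_password(password, salt_hex, hash_hex):
    """Recompute the hash from the submitted password; nothing is ever decoded."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(dk, bytes.fromhex(hash_hex))

def migrate_plaintext(db):
    """Hash every row still holding a readable password; return rows changed."""
    rows = db.execute(
        "SELECT id, password FROM members WHERE salt IS NULL").fetchall()
    for member_id, plaintext in rows:
        salt_hex, hash_hex = hash_password(plaintext)
        db.execute("UPDATE members SET password = ?, salt = ? WHERE id = ?",
                   (hash_hex, salt_hex, member_id))
    db.commit()
    return len(rows)

def login(db, name, password):
    row = db.execute("SELECT password, salt FROM members WHERE name = ?",
                     (name,)).fetchone()
    if row is None or row[1] is None:   # unknown member or unmigrated row
        return False
    return verify_password(password, row[1], row[0])

def demo():
    """Constructed sample data: two members who chose the same password."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT,"
               " password TEXT, salt TEXT)")
    db.executemany("INSERT INTO members (name, password) VALUES (?, ?)",
                   [("alice", "tulip-1999"), ("bob", "tulip-1999")])
    changed = migrate_plaintext(db)
    stored = [r[0] for r in db.execute("SELECT password FROM members ORDER BY id")]
    return db, changed, stored

if __name__ == "__main__":
    db, changed, stored = demo()
    print(changed, stored, login(db, "alice", "tulip-1999"))
```

Because each row gets its own salt, the two members with identical passwords end up with different stored values, so matching rows in the table reveals nothing about shared passwords.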
e3stone
Average Member
  
USA
885 Posts |
|
bjlt
Senior Member
   
1144 Posts |
Posted - 13 June 2001 : 09:15:14
|
quote:
One-way encryption (MD5) for PW. Blowfish encryption for cookies.
You will be able to use the two encryptions for any other parts of your site, like private messages...
Wow, can I encrypt the email address field or whatever other field? If I encrypt the email address, how would it affect the email function, e.g. when using a mailing-list-like feature, maybe emailing all (1000+ members)?
Is it possible to use C++ to write one first since it's easy, for those who can upload components?
This would be a great add-on for Snitz.
|
 |
|
tilttek
Junior Member
 
Canada
333 Posts |
|
tilttek
Junior Member
 
Canada
333 Posts |
Posted - 13 June 2001 : 09:30:41
|
quote:
Wow, can I encrypt the email address field or whatever other field? If I encrypt the email address, how would it affect the email function, e.g. when using a mailing-list-like feature, maybe emailing all (1000+ members)?
You're going to have to decrypt all e-mail... But it can be put in the general e-mail function, so without too much problem you can add it.
quote:
Is it possible to use C++ to write one first since it's easy, for those who can upload components?
Hmm, because Snitz doesn't use any components, I want to do it in ASP first... Afterwards I might do a component version with more encryptions (Blowfish, Twofish, DES, 3DES for example).
Philippe Gamache http://www.tilttek.com http://www.lapageamelkor.com |
 |
|
|