Encrypting/Hashing plain text passwords in database [closed]

EDIT (2016): use Argon2, scrypt, bcrypt, or PBKDF2, in that order of preference. Use as large a slowdown factor as is feasible for your situation. Use a vetted existing implementation. Make sure you use a proper salt (although the libraries you’re using should be making sure of this for you). When you hash the passwords … Read more

Make Android WebView not store cookies or passwords

You can use this to prevent cookies from being stored and clean cookies already stored: CookieSyncManager.createInstance(this); CookieManager cookieManager = CookieManager.getInstance(); cookieManager.removeAllCookies(callback); cookieManager.setAcceptCookie(false); WebView webview = new WebView(this); WebSettings ws = webview.getSettings(); ws.setSaveFormData(false); ws.setSavePassword(false); // Not needed for API level 18 or greater (deprecated)

Creating user with encrypted password in PostgreSQL

You may provide the password already hashed with md5, as said in the doc (CREATE ROLE): ENCRYPTED UNENCRYPTED These key words control whether the password is stored encrypted in the system catalogs. (If neither is specified, the default behavior is determined by the configuration parameter password_encryption.) If the presented password string is already in MD5-encrypted … Read more

What is the easiest way to encrypt a password when I save it to the registry?

You don’t decrypt authentication passwords! Hash them using something like the SHA256 provider and when you have to challenge, hash the input from the user and see if the two hashes match. byte[] data = System.Text.Encoding.ASCII.GetBytes(inputString); data = new System.Security.Cryptography.SHA256Managed().ComputeHash(data); String hash = System.Text.Encoding.ASCII.GetString(data); Leaving passwords reversible is a really horrible model. Edit2: I thought … Read more

What is currently the most secure one-way encryption algorithm?

Warning: Since this post was written in 2010, GPUs have been widely deployed to brute-force password hashes. Moderately-priced GPUs can run ten billion MD5s per second. This means that even a completely-random 8-character alphanumeric password (62 possible characters) can be brute forced in 6 hours. SHA-1 is only slightly slower, it’d take one day. Your … Read more