Search Results

Search found 305 results on 13 pages for 'salt racer'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 4/13 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • How to reproduce System.Security.Cryptography.SHA1Managed result in Python

    - by joetyson
    Here's the deal: I'm moving a .NET website to Python. I have a database with passwords hashed using the System.Security.Cryptography.SHA1Managed utility. I'm creating the hash in .NET with the following code: string hashedPassword = Cryptographer.CreateHash("MYHasher", userInfo.Password); The MYHasher block looks like this: <add algorithmType="System.Security.Cryptography.SHA1Managed, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=blahblahblah" saltEnabled="true" type="Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.HashAlgorithmProvider, Microsoft.Practices.EnterpriseLibrary.Security.Cryptography, Version=3.0.0.0, Culture=neutral, PublicKeyToken=daahblahdahdah" name="MYHasher" /> So for a given password, I get back and store in the database a 48 byte salted sha1. I assume the last 8 bytes are the salt. I have tried to reproduce the hashing process in python by doing a sha1(salt + password) and sha1(password + salt) but I'm having no luck. My question to you: How are the public keys being used? How is the password rehashed using the salt. How is the salt created? (e.g., When I say saltEnabled="true", what extra magic happens?) I need specific details that don't just reference other .NET libraries, I'm looking for the actual operational logic that happens in the blackbox. Thanks!

    Read the article

  • Converting AES encryption token code in C# to php

    - by joey
    Hello, I have the following .Net code which takes two inputs. 1) A 128 bit base 64 encoded key and 2) the userid. It outputs the AES encrypted token. I need the php equivalent of the same code, but dont know which corresponding php classes are to be used for RNGCryptoServiceProvider,RijndaelManaged,ICryptoTransform,MemoryStream and CryptoStream. Im stuck so any help regarding this would be really appreciated. using System; using System.Text; using System.IO; using System.Security.Cryptography; class AESToken { [STAThread] static int Main(string[] args) { if (args.Length != 2) { Console.WriteLine("Usage: AESToken key userId\n"); Console.WriteLine("key Specifies 128-bit AES key base64 encoded supplied by MediaNet to the partner"); Console.WriteLine("userId specifies the unique id"); return -1; } string key = args[0]; string userId = args[1]; StringBuilder sb = new StringBuilder(); // This example code uses the magic string “CAMB2B”. The implementer // must use the appropriate magic string for the web services API. sb.Append("CAMB2B"); sb.Append(args[1]); // userId sb.Append('|'); // pipe char sb.Append(System.DateTime.UtcNow.ToString("yyyy-MM-dd HH:mm:ssUTC")); //timestamp Byte[] payload = Encoding.ASCII.GetBytes(sb.ToString()); byte[] salt = new Byte[16]; // 16 bytes of random salt RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider(); rng.GetBytes(salt); // the plaintext is 16 bytes of salt followed by the payload. byte[] plaintext = new byte[salt.Length + payload.Length]; salt.CopyTo(plaintext, 0); payload.CopyTo(plaintext, salt.Length); // the AES cryptor: 128-bit key, 128-bit block size, CBC mode RijndaelManaged cryptor = new RijndaelManaged(); cryptor.KeySize = 128; cryptor.BlockSize = 128; cryptor.Mode = CipherMode.CBC; cryptor.GenerateIV(); cryptor.Key = Convert.FromBase64String(args[0]); // the key byte[] iv = cryptor.IV; // the IV. // do the encryption ICryptoTransform encryptor = cryptor.CreateEncryptor(cryptor.Key, iv); MemoryStream ms = new MemoryStream(); CryptoStream cs = new CryptoStream(ms, encryptor, CryptoStreamMode.Write); cs.Write(plaintext, 0, plaintext.Length); cs.FlushFinalBlock(); byte[] ciphertext = ms.ToArray(); ms.Close(); cs.Close(); // build the token byte[] tokenBytes = new byte[iv.Length + ciphertext.Length]; iv.CopyTo(tokenBytes, 0); ciphertext.CopyTo(tokenBytes, iv.Length); string token = Convert.ToBase64String(tokenBytes); Console.WriteLine(token); return 0; } } Please help. Thank You.

    Read the article

  • C#, AES encryption check!

    - by Data-Base
    I have this code for AES encryption, can some one verify that this code is good and not wrong? it works fine, but I'm more concern about the implementation of the algorithm // Plaintext value to be encrypted. //Passphrase from which a pseudo-random password will be derived. //The derived password will be used to generate the encryption key. //Password can be any string. In this example we assume that this passphrase is an ASCII string. //Salt value used along with passphrase to generate password. //Salt can be any string. In this example we assume that salt is an ASCII string. //HashAlgorithm used to generate password. Allowed values are: "MD5" and "SHA1". //SHA1 hashes are a bit slower, but more secure than MD5 hashes. //PasswordIterations used to generate password. One or two iterations should be enough. //InitialVector (or IV). This value is required to encrypt the first block of plaintext data. //For RijndaelManaged class IV must be exactly 16 ASCII characters long. //KeySize. Allowed values are: 128, 192, and 256. //Longer keys are more secure than shorter keys. //Encrypted value formatted as a base64-encoded string. public static string Encrypt(string PlainText, string Password, string Salt, string HashAlgorithm, int PasswordIterations, string InitialVector, int KeySize) { byte[] InitialVectorBytes = Encoding.ASCII.GetBytes(InitialVector); byte[] SaltValueBytes = Encoding.ASCII.GetBytes(Salt); byte[] PlainTextBytes = Encoding.UTF8.GetBytes(PlainText); PasswordDeriveBytes DerivedPassword = new PasswordDeriveBytes(Password, SaltValueBytes, HashAlgorithm, PasswordIterations); byte[] KeyBytes = DerivedPassword.GetBytes(KeySize / 8); RijndaelManaged SymmetricKey = new RijndaelManaged(); SymmetricKey.Mode = CipherMode.CBC; ICryptoTransform Encryptor = SymmetricKey.CreateEncryptor(KeyBytes, InitialVectorBytes); MemoryStream MemStream = new MemoryStream(); CryptoStream CryptoStream = new CryptoStream(MemStream, Encryptor, CryptoStreamMode.Write); CryptoStream.Write(PlainTextBytes, 0, PlainTextBytes.Length); CryptoStream.FlushFinalBlock(); byte[] CipherTextBytes = MemStream.ToArray(); MemStream.Close(); CryptoStream.Close(); return Convert.ToBase64String(CipherTextBytes); } public static string Decrypt(string CipherText, string Password, string Salt, string HashAlgorithm, int PasswordIterations, string InitialVector, int KeySize) { byte[] InitialVectorBytes = Encoding.ASCII.GetBytes(InitialVector); byte[] SaltValueBytes = Encoding.ASCII.GetBytes(Salt); byte[] CipherTextBytes = Convert.FromBase64String(CipherText); PasswordDeriveBytes DerivedPassword = new PasswordDeriveBytes(Password, SaltValueBytes, HashAlgorithm, PasswordIterations); byte[] KeyBytes = DerivedPassword.GetBytes(KeySize / 8); RijndaelManaged SymmetricKey = new RijndaelManaged(); SymmetricKey.Mode = CipherMode.CBC; ICryptoTransform Decryptor = SymmetricKey.CreateDecryptor(KeyBytes, InitialVectorBytes); MemoryStream MemStream = new MemoryStream(CipherTextBytes); CryptoStream cryptoStream = new CryptoStream(MemStream, Decryptor, CryptoStreamMode.Read); byte[] PlainTextBytes = new byte[CipherTextBytes.Length]; int ByteCount = cryptoStream.Read(PlainTextBytes, 0, PlainTextBytes.Length); MemStream.Close(); cryptoStream.Close(); return Encoding.UTF8.GetString(PlainTextBytes, 0, ByteCount); } Thank you

    Read the article

  • Converted some PHP functions to c# but getting different results

    - by Tom Beech
    With a bit of help from people on here, i've converted the following PHP functions to C# - But I get very different results between the two and can't work out where i've gone wrong: PHP: function randomKey($amount) { $keyset = "abcdefghijklmABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; $randkey = ""; for ($i=0; $i<$amount; $i++) $randkey .= substr($keyset, rand(0, strlen($keyset)-1), 1); return $randkey; } public static function hashPassword($password) { $salt = self::randomKey(self::SALTLEN); $site = new Sites(); $s = $site->get(); return self::hashSHA1($s->siteseed.$password.$salt.$s->siteseed).$salt; } c# public static string randomKey(int amount) { string keyset = "abcdefghijklmABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; string randkey = string.Empty; Random random = new Random(); for (int i = 0; i < amount; i++) { randkey += keyset.Substring(0, random.Next(2, keyset.Length - 2)); } return randkey; } static string hashPassword(string password) { string salt = randomKey(4); string siteSeed = "6facef08253c4e3a709e17d9ff4ba197"; return CalculateSHA1(siteSeed + password + salt + siteSeed) + siteSeed; } static string CalculateSHA1(string ipString) { SHA1 sha1 = new SHA1CryptoServiceProvider(); byte[] ipBytes = Encoding.Default.GetBytes(ipString.ToCharArray()); byte[] opBytes = sha1.ComputeHash(ipBytes); StringBuilder stringBuilder = new StringBuilder(40); for (int i = 0; i < opBytes.Length; i++) { stringBuilder.Append(opBytes[i].ToString("x2")); } return stringBuilder.ToString(); } EDIT The string 'password' in the PHP function comes out as "d899d91adf31e0b37e7b99c5d2316ed3f6a999443OZl" in the c# it comes out as: "905d25819d950cf73f629fc346c485c819a3094a6facef08253c4e3a709e17d9ff4ba197"

    Read the article

  • Suggestions for library to hash passwords in JAVA

    - by DutrowLLC
    What JAVA library should I be using to Hash passwords for storage in a database? I was hoping to just take the plain text password, add a random salt, then store the salt and the hashed password in the database. Then when a user wanted to log in, I could just take their submitted password, add the random salt from their account information, hash it and see if it equates to the stored hash password with their account information.

    Read the article

  • Creating a function that will handle objects with common properties

    - by geocine
    Take this as an example I have trimmed this example for readability and you may not find the use of this concept here. class Teacher() { public Name {get; set;} public Salt {get; set;} public Department{get; set;} } class Student() { public Name {get; set;} public Salt {get; set;} public Section{get; set;} } public string GetEncryptedName(object Person) { //return encrypted name based on Name and Salt property return encrypt(object.Salt,object.Name) } callig the function GetEncryptedName(Teacher) GetEncryptedName(Student) How do you implement this kind of stuff?

    Read the article

  • Massive Network Upgrade

    - by Cliff Racer
    I find myself tasked with organizing an upgrade of our entire Active Directory from server 2003 to 2008. We run a few AD dependant services such as Exchange 2007 SQL Server 2008 SharePoint 2007 All of which we are looking to bring up to date as well with their most recent versions. The original AD was a little bit of a mess (the exchange upgrade from 2003 left some stuff in the AD database that I make references to servers that no longer exist for example). Here is what I want to accomplish Migrate the domain from our 2003 to a NEW clean 2008r2 domain Upgrade from Sharepoint 2007 to 2010 Upgrade Exchange from 2007 to 2010 My question is, in what order do we do things? Can I do a domain upgrade and simply migrate exchange after? On their own, these objectives are complicated enough, orchestrating them in our company while minimizing downtime is making my head spin. I have done a lot of the research on how to do them individually but I am having trouble figuring out how to do them all in concert.

    Read the article

  • Good Documentation on Avaya IP Office 500 r2 setup

    - by Cliff Racer
    I have set up a couple of Avaya IP Office systems over the course of my current job. I have a pretty good handle on the process, but now I am faced with something I have not done before. Both the IP office systems I have set up used all Digital phones. The new system we are putting in place will actually use IP phones for the first time. After tyring to track down some general documentation on my own, I was not able to find anything that left me feeling comfortable about setting up IP phones on an Avaya IP Office 500. Does anyone know of any good how-To's for setting up IP phones on IP Office? I get the impression its pretty simple but learend enough about Avaya to know that there are some tricky aspects to setting them up

    Read the article

  • To Delete or Not to Delete Arcserve Makeup Jobs?

    - by Cliff Racer
    Every once in a while, I have a backup job that fails with my backup server running ARCserve 12.5. A failure results in the creation of a 'makeup' job. I run the makeup job and even if it completes it stays in my job cue. These have piled up over the past couple of years and I find myself wondering if its ok to delete them knowing that ARCserve relies on a sql database to catalog backup info and data. If I run a makeup job, can I just delete it afterward? Should I just collect them? I have not seen anything so far that makes me feel confident with what to do with these leftover jobs.

    Read the article

  • Best Timing for Windows AD Domain Name Change

    - by Cliff Racer
    A while back when I first started with my company, the domain had already been set up using a "xxx.net" DNS name for the internal AD namespace. The shortname is just fine and I feel no need to change it but I have always hated how we used an internet DNS name for our internal AD. We are planning an AD upgrade from 2003 to 2008R2 and I would like to work this DNS name change if possible. I know there are procedures for doing a full domain name change but my question is: Is a FULL domain name change neccessary if all I want to change is the internal DNS name of the domain? Would it be better to do this change after the 2008R2 domain upgrade?

    Read the article

  • Paypal Express Checkout api credentials - How to store them properly?

    - by Sequence
    I've been searching the internet and I've come up with a lot of answers of how to store paypal API credentials(Used in Paypal Express Checkout.) They say to hash the credentials using salt. But what I don't understand is how and where to store the salt. If they get access to the salt, can't they just un-hash the credentials? That doesn't seem very secure to me. They say not to hard-code the API credentials, but any other way still seems really vulnerable. Thanks for taking the time to look at my questions. I'd really appreciate help.

    Read the article

  • Securing credentials passed to web service

    - by Greg Smith
    I'm attempting to design a single sign on system for use in a distributed architecture. Specifically, I must provide a way for a client website (that is, a website on a different domain/server/network) to allow users to register accounts on my central system. So, when the user takes an action on a client website, and that action is deemed to require an account, the client will produce a page (on their site/domain) where the user can register for a new account by providing an email and password. The client must then send this information to a web service, which will register the account and return some session token type value. The client will need to hash the password before sending it across the wire, and the webservice will require https, but this doesn't feel like it's safe enough and I need some advice on how I can implement this in the most secure way possible. A few other bits of relevant information: Ideally we'd prefer not to share any code with the client We've considered just redirecting the user to a secure page on the same server as the webservice, but this is likely to be rejected for non-technical reasons. We almost certainaly need to salt the password before hashing and passing it over, but that requires the client to either a) generate the salt and communicate it to us, or b) come and ask us for the salt - both feel dirty. Any help or advice is most appreciated.

    Read the article

  • Authlogic: passwords saved in the DB are not working as expected.

    - by user570459
    Hello everyone, Im having trouble with authlogic on my production server. Im able to update passwords in the database but when i try to validate a user using the new password, the validation fails. Please check the below console output. Notice how the salt and crypted_password fields get update before and after the new password is saved. The issue is only on my production server (running passenger). Everything works fine on my development machine. => #<User id: 3, login: "saravk", email: "[email protected]", crypted_password: "9bc86247105e940bb748ab680c0e77d9c44a82ea", salt: "WdVpQIdwl68k8lJWOU"> irb(main):003:0> u.password = "kettik123" => "kettik123" irb(main):004:0> u.password_confirmation = "kettik123" => "kettik123" irb(main):005:0> u.save! => true irb(main):006:0> u.valid_password?("kettik123") => true irb(main):007:0> u.reload => #<User id: 3, login: "saravk", email: "[email protected]", crypted_password: "f059007c56f498a12c63209c849c1e65bb151174", salt: "lVmmczhyGE0gxsbV421A"> irb(main):008:0> u.valid_password?("kettik123") => false The authlogic configuration in my User model.. class User < ActiveRecord::Base acts_as_authentic do |c| c.login_field :email c.validate_login_field false c.validate_email_field false c.perishable_token_valid_for = 1.day c.disable_perishable_token_maintenance = true end I use the email field as the main key for the user. Also the email field is allowed to be blank in some cases (eg a facebook user) Also i belive that my schema is proper (in terms of the length of the salt & crypted password fields) create_table "users", :force => true do |t| t.string "login" t.string "email" t.string "crypted_password", :limit => 128, :default => "" t.string "salt", Any help on this would be highly appreciated. Thanks.

    Read the article

  • Can I Specify Strings for MySql Table Values?

    - by afterimagedesign
    I have a MySql table that stores the users state and city from a list of states and cities. I specifically coded each state as their two letter shortened version (like WA for Washington and CA for California) and every city has the two letter abbreviation and the city name formated like this: Boulder Colorado would be CO-boulder and Salt Lake City, Utah would be UT-salt-lake-city as to avoid different states with same city name. The PHP inserts the value (UT-salt-lake-city) under the column City, but when I call the variable through PHP, it displays like this: Your location is: UT-salt-lake-city, Utah. To solve this, I've been making this list of variables if ($city == "AL-auburn") { $city = "Auburn"; } else if ($city == "AL-birmingham") { $city = "Birmingham"; } else if ($city == "GA-columbus") { $city = "Columbus"; $state = "Georgia"; } else if ($city == "AL-dothan") { $city = "Dothan"; } else if ($city == "AL-florence") { $city = "Forence"; } else if ($city == "AL-muscle-shoals") { $city = "Muscle Shoals"; } else if ($city == "AL-gadsden-anniston") { $city = "Gadsden Anniston"; } else if ($city == "AL-huntsville") { $city = "Huntsville"; } else if ($city == "AL-decatur") { $city = "Decatur"; } else if ($city == "AL-mobile") { $city = "Mobile"; } else if ($city == "AL-montgomery") { $city = "Montgomery"; } else if ($city == "AL-tuscaloosa") { $city = "Tuscaloosa"; } Is there a way I can shorten this process or at least call it from a separate file so I don't have to copy/paste every time I want to call the location?

    Read the article

  • rails inverting to_xml and getting the original model

    - by djacobs7
    I did this: [User.first, User.last].to_xml and got this: <users type="array"> <user> <created-at type="datetime">2010-03-16T06:40:51Z</created-at> <id type="integer">3</id> <password-hash></password-hash> <salt></salt> <updated-at type="datetime">2010-03-16T06:40:51Z</updated-at> <username nil="true"></username> </user> <user> <created-at type="datetime">2010-03-23T03:58:15Z</created-at> <id type="integer">7</id> <password-hash></password-hash> <salt></salt> <tutorial-state nil="true"></tutorial-state> <updated-at type="datetime">2010-03-23T03:58:15Z</updated-at> <username nil="true"></username> </user> </users> How can I take that string of xml and invert it to get the original activerecord objects back?

    Read the article

  • AES Encryption Java Invalid Key length

    - by wuntee
    I am trying to create an AES encryption method, but for some reason I keep getting a 'java.security.InvalidKeyException: Key length not 128/192/256 bits'. Here is the code: public static SecretKey getSecretKey(char[] password, byte[] salt) throws NoSuchAlgorithmException, InvalidKeySpecException{ SecretKeyFactory factory = SecretKeyFactory.getInstance("PBEWithMD5AndDES"); // NOTE: last argument is the key length, and it is 256 KeySpec spec = new PBEKeySpec(password, salt, 1024, 256); SecretKey tmp = factory.generateSecret(spec); SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES"); return(secret); } public static byte[] encrypt(char[] password, byte[] salt, String text) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, InvalidParameterSpecException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException{ SecretKey secret = getSecretKey(password, salt); Cipher cipher = Cipher.getInstance("AES"); // NOTE: This is where the Exception is being thrown cipher.init(Cipher.ENCRYPT_MODE, secret); byte[] ciphertext = cipher.doFinal(text.getBytes("UTF-8")); return(ciphertext); } Can anyone see what I am doing wrong? I am thinking it may have something to do with the SecretKeyFactory algorithm, but that is the only one I can find that is supported on the end system I am developing against. Any help would be appreciated. Thanks.

    Read the article

  • Can't decrypt after encrypting with blowfish Java

    - by user2030599
    Hello i'm new to Java and i have the following problem: i'm trying to encrypt the password of a user using the blowfish algorithm, but when i try to decrypt it back to check the authentication it fails to decrypt it for some reason. public static String encryptBlowFish(String to_encrypt, String salt){ String dbpassword = null; try{ SecretKeySpec skeySpec = new SecretKeySpec( salt.getBytes(), "Blowfish" ); // Instantiate the cipher. Cipher cipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, skeySpec); //byte[] encrypted = cipher.doFinal( URLEncoder.encode(data).getBytes() ); byte[] encrypted = cipher.doFinal( to_encrypt.getBytes() ); dbpassword = new String(encrypted); } catch (Exception e) { System.out.println("Exception while encrypting"); e.printStackTrace(); dbpassword = null; } finally { return dbpassword; } } public static String decryptBlowFish(String to_decrypt, String salt){ String dbpassword = null; try{ SecretKeySpec skeySpec = new SecretKeySpec( salt.getBytes(), "Blowfish" ); // Instantiate the cipher. Cipher cipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding"); cipher.init(Cipher.DECRYPT_MODE, skeySpec); //byte[] encrypted = cipher.doFinal( URLEncoder.encode(data).getBytes() ); byte[] encrypted = cipher.doFinal( to_decrypt.getBytes() ); dbpassword = new String(encrypted); } catch (Exception e) { System.out.println("Exception while decrypting"); e.printStackTrace(); dbpassword = null; } finally { return dbpassword; } } When i call the decrypt function it gives me the following error: java.security.InvalidKeyException: Parameters missing Any ideas? Thank you

    Read the article

  • Cryptography for P2P card game

    - by zephyr
    I'm considering writing a computer adaptation of a semi-popular card game. I'd like to make it function without a central server, and I'm trying to come up with a scheme that will make cheating impossible without having to trust the client. The basic problem as I see it is that each player has a several piles of cards (draw deck, current hand and discard deck). It must be impossible for either player to alter the composition of these piles except when allowed by the game rules (ie drawing or discarding cards), nor should players be able to know what is in their or their oppponent's piles. I feel like there should be some way to use something like public-key cryptography to accomplish this, but I keep finding holes in my schemes. Can anyone suggest a protocol or point me to some resources on this topic? [Edit] Ok, so I've been thinking about this a bit more, and here's an idea I've come up with. If you can poke any holes in it please let me know. At shuffle time, a player has a stack of cards whose value is known to them. They take these values, concatenate a random salt to each, then hash them. They record the salts, and pass the hashes to their opponent. The opponent concatenates a salt of their own, hashes again, then shuffles the hashes and passes the deck back to the original player. I believe at this point, the deck has been randomized and neither player can have any knowledge of the values. However, when a card is drawn, the opponent can reveal their salt, allowing the first player to determine what the original value is, and when the card is played the player reveals their own salt, allowing the opponent to verify the card value.

    Read the article

  • Aptana RadRails?

    - by salt.racer
    I've been using a text editor for my rails app for a while and I have a workflow that I am happy with for my existing app. However, I am about to be starting a new app and it appears that Aptana RadRails is sufficiently developed and stable enough for use. (The last time I tried it it was in beta and wasn't quite fully baked.) So my question is: Is it widely used in the community? What are peoples general thoughts on it?

    Read the article

  • (PHP) SHA1 vs md5 vs SHA256: which to use for a PHP login?

    - by hatorade
    I'm making a php login, and I'm trying to decide whether to use SHA1 or Md5, or SHA256 which I read about in another stackoverflow article. Are any of them more secure than others? For SHA1/256, do I still use a salt? Also, is this a secure way to store the password as a hash in mysql? function createSalt() { $string = md5(uniqid(rand(), true)); return substr($string, 0, 3); } $salt = createSalt(); $hash = sha1($salt . $hash);

    Read the article

  • compare previous ENCRYPT() call with new ENCRYPT() call mysql

    - by contagious
    I'm storing a string in mysql with the ENCRYPT() function. I want to fetch a row where that string is matched, but the new ENCRYPT() call gives me a different value, so they never match. This is expected as i'm not (and can't) give it a consistent salt: http://dev.mysql.com/doc/refman/5.0/en/encryption-functions.html#function_encrypt If no salt argument is given, a random value is used. This is the query i'm running that returns empty: SELECT * FROM `table` WHERE ENCRYPT('string') = `enc_string` I know this is possible because this is used by a 3rd party app, but I can't find their query where they do this. Is there a way to force ENCRYPT to use the previous salt, or predict it?

    Read the article

  • Difficulty determining the file type of text database file

    - by Joseph Silvashy
    So the USDA has some weird database of general nutrition facts about food, and well naturally we're going to steal it for use in our app. But anyhow the format of the lines is like the following: ~01001~^~0100~^~Butter, salted~^~BUTTER,WITH SALT~^~~^~~^~Y~^~~^0^~~^6.38^4.27^8.79^3.87 ~01002~^~0100~^~Butter, whipped, with salt~^~BUTTER,WHIPPED,WITH SALT~^~~^~~^~Y~^~~^0^~~^6.38^4.27^8.79^3.87 ~01003~^~0100~^~Butter oil, anhydrous~^~BUTTER OIL,ANHYDROUS~^~~^~~^~Y~^~~^0^~~^6.38^4.27^8.79^3.87 ~01004~^~0100~^~Cheese, blue~^~CHEESE,BLUE~^~~^~~^~Y~^~~^0^~~^6.38^4.27^8.79^3.87 With those odd ~ and ^ separating the values, It also lacks a header row but thats ok, I can figure that out from the other stuff on their site: http://www.ars.usda.gov/Services/docs.htm?docid=8964 Any help would be great! If it matters we're making an open/free API with Ruby to query this data. Additionally I'm having a tough time posing this question so I've made it a community wiki so we can all pitch in!

    Read the article

  • Hashing and salting values

    - by Avanst
    I am developing a small web app that internally authenticates users. Once the user is authenticated my web app then passes some information such as userID and Person's name to a third party web application. The third party developer is suggesting that we hash and salt the values. Forgive my ignorance, but what exactly does that mean? I am writing the app in Java. So what I am planning on doing is hashing the userID, Person's name, and some Math.random() value as the salt with Apache Commons Digest Utils SHA512 and passing that hashed string along with the userID and person's name. Is that the standard practice? I should be passing the third party the salt as well correct?

    Read the article

  • Securing database keys for client-side processing

    - by danp
    I have a tree of information which is sent to the client in a JSON object. In that object, I don't want to have raw IDs which are coming from the database. I thought of making a hash of the id and a field in the object (title, for example) or a salt, but I'm worried that this might have a serious effect on processing overhead. SELECT * FROM `things` where md5(concat(id,'some salt')) = md5('1some salt'); Is there a standard practice for obscuring IDs in this kind of situation?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >