encryption - Security using AES with salted password as key -


i understand how salted hash of password works, assuming need store salt, username, key, , encryptedpassword. think overall need understand how implement instance how store , how regenerate password. if explain why using salted value better, couldn't person dictionary attack salt in front of each word?

thanks,

it unclear trying do: verify supplied password correct (as system login); or implement encryption of data key derived password.

if latter (which known password-based encryption), should use key derivation function, such pbkdf2. key derivation function takes salt , supplied user password, , produces key can used cipher aes.

to encrypt, prompt password, generate random salt, , derive key using kdf. use key aes in suitable block cipher mode encrypt data, , store only salt , encrypted data (and whatever iv cipher mode requires).

to decrypt, prompt password, load salt file, , re-derive key. use key decrypt file.

the purpose of salt prevent precomputation optimisations being applied dictionary attack. indeed possible perform bruteforce dictionary attack once salt known, kdf designed slow enough make infeasible without precomputation.


Comments

Post a Comment

Popular posts from this blog

apache - Add omitted ? to URLs -

i working on website cms reads page name of query string, e.g. http://exmaple.com/?pagename . trying create rewrite rule rewrite ? . so, user types in /pagename , taken /?pagename try this: rewriteengine on rewritecond %{request_filename} !-d rewritecond %{request_filename} !-f rewriterule ^/?(.*) index.php?$1 [l]
Read more

redirect - bbPress Forum - rewrite to wwww.mysite prohibits login -

i using bbpress installation without wordpress integration. the redirect of rewriteengine @ forum site works: rewriteengine on rewritecond %{http_host} ^forum.mysite.com$ rewriterule (.*)$ http://www.forum.mysite.com/$1 [r=301,l] the problem login pppress. bbpress login not recognize: http://www.forum.mysite/bb-login.php . it redirects to: http://forum.mysite.com/bb-login.php . i tried permalink settings none , name based, same issue. does uses redirect in bbpress or how can eliminate "double" content , redirect permanently www.? i redirected www.forum.mysite.com forum.mysite.com , achieved eliminate "double" content.
Read more

php - How can I stop spam on my custom forum/blog? -

so have custom built forum & blog system of late has been dealing lot of spam. if wordpress use akismet, if different common platform i'm sure i'd find plugin. there kind of static class can download this? using php. i'd still go akismet, if it. uses outside of wordpress, may have pay fee it, depending on use -- check terms , conditions -- it's option , easy implement in php using api. use api key wordpress. com account access. basically, grab whichever php client library takes fancy -- use alex potsides' php5 library -- plug in key, , it's handful of lines of code. here's bare bones of validation straight 1 of live sites: ... if ($akismet) { $akismet->setcommentauthor($name); $akismet->setcommentauthoremail($session->userinfo["email"]); $akismet->setcommentauthorurl(""); $akismet->setcommentcontent($sentence);...
Read more