password-storage Questions
2
If I accept full Unicode for passwords, how should I normalize the string before passing it to the hash function?
Goals
Without normalization, if someone sets their password to "mañana" (ma\u00F1...
Groningen asked 23/4, 2013 at 15:26
5
I have a scenario that has been troubling me for years. If you have to connect to a database or other service (like a web service) using a username and password, where would be the safest place to ...
Skewbald asked 7/3, 2012 at 22:4
8
Solved
I'm using Sequelize to do a DB find for a user record, and I want the default behavior of the model to not return the password field for that record. The password field is a hash but I still don't ...
Febri asked 15/1, 2015 at 20:19
2
Solved
My question derives from this
How to hash long passwords (>72 characters) with blowfish
I am using bcrypt(blowfish) to hash the passwords. So, as I found out from this question
https://securit...
Plague asked 15/7, 2014 at 6:27
9
Solved
Probably a very newbie question, but I've been reading around and have found some difficulty in understanding the creation and storage of passwords. From what I've read md5/hash passwords are the be...
Acetylate asked 21/7, 2011 at 19:54
26
Solved
As I continue to build more and more websites and web applications I am often asked to store user's passwords in a way that they can be retrieved if/when the user has an issue (either to emai...
Gabrielagabriele asked 17/2, 2010 at 19:54
3
Solved
I have a friend who is a white hat hacker. He says that md5 is not really that bad and actually is really secure, just if we use it properly.
I believe that he is right. As I know, there is 3 wa...
Interclavicle asked 28/5, 2015 at 2:9
2
Solved
I have read in many articles that we should combine a unique salt with each password before hashing and store the salt in the database for verification, but how about using the password itself as a sal...
Snifter asked 25/6, 2014 at 18:29
2
Solved
I would like to know if one should implement AccountManager to save user credentials such as username, email, passwords etc. I can't find a good reason to use it myself.
I don't want other applica...
Transform asked 5/6, 2012 at 0:39
2
Solved
I am using the following methods to create a salted and hashed password from the crypto lib in nodejs:
crypto.randomBytes(size, [callback])
crypto.pbkdf2(password, salt, iterations, keylen, callba...
Arjan asked 20/6, 2013 at 15:45
4
Solved
I'm trying to correctly do a per user and site wide salt for my passwords. Here's what I've got:
require('../../salt.php'); //this is above the web root and provides $salt variable
$pw = mysql_rea...
Theorist asked 25/6, 2011 at 17:6
2
Solved
I would like to ask if there is a standard to store username and password in a Windows Phone application.
I am working on a project that validates the user on every request that is called. So, I w...
Vervain asked 24/1, 2012 at 11:4
1
Solved
To hash passwords (one-way), it looks like bcrypt is the best.
I am about to start using jBCrypt, but I have a few worries:
No mailing list.
Very low activity overall.
Bug tracker has only ever ...
Introjection asked 28/12, 2011 at 9:11
1
Solved
According to PHP's doc, bcrypt salts are made of
"$2a$", a two digit cost parameter, "$", and 22 digits from the alphabet "./0-9A-Za-z"
So, if I use the crypt() function to hash my passwords, ...
Dirge asked 8/9, 2011 at 15:32
3
Solved
What would be the recommended way for storing passwords in a Java desktop application?
I want the user to have the ability to enter the credentials only once and not be prompted again.
On persona...
Weathercock asked 10/8, 2011 at 20:56
3
Solved
Let's say I have a password:
AAABBBCCCDDD
I could easily give person A the first part (AAA), person B the second part and so on.
But is there an option any two of the four people can decrypt/form...
Thorbert asked 23/4, 2011 at 17:39
6
Solved
We store all our application and db passwords in plain text in source control. We do this as our build/deploy process generates required configuration files and also does actual deploys that requir...
Derrickderriey asked 18/2, 2009 at 2:21
4
In my last question "Portable database for storing secrets" the best answer until now tells me to use sqlite-crypt.
Reading the sqlite-crypt docs, the new param for opening the database is the pass-phrase. ...
Lumpish asked 17/2, 2009 at 1:13
1