Re: Encrypted Fields

From: Mike Kienenberger (mkienen..mail.com)
Date: Tue Feb 10 2009 - 10:03:00 EST

Next message: Michael Gentry: "Re: Encrypted Fields"

Previous message: Mike Kienenberger: "Re: Re: Cloning a CayenneDataObject"
In reply to: Michael Gentry: "Re: Encrypted Fields"
Next in thread: Michael Gentry: "Re: Encrypted Fields"
Next in thread: Michael Gentry: "Re: Encrypted Fields"
Reply: Michael Gentry: "Re: Encrypted Fields"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Bug in login rehash:

user.setPassword(plainTextPassword);

Should be

user.setPassword(hashedPassword);

Also, your fetchUserBySSN() method assumes that encryption repeatedly
returns the same value. Is that always true? I know that hashing
passwords typically has a random salt to increase security, resulting
in different hashed values for the same key. You have to know the
random salt in order to recreate the same hash key. In unix
passwords, this is done by reading the random salt off the front of
the previous hashed value.

On Tue, Feb 10, 2009 at 8:35 AM, Michael Gentry <mgentr..asslight.net> wrote:
> I updated the document. I tried to simplify the key protection stuff
> (hopefully it makes a bit more sense) and added an example at the
> bottom on how you might do a search and fetch using encrypted field
> values.
>
> http://people.apache.org/~mgentry/Security_Manifesto.pdf
>
>
> mrg
>

Next message: Michael Gentry: "Re: Encrypted Fields"
Previous message: Mike Kienenberger: "Re: Re: Cloning a CayenneDataObject"
In reply to: Michael Gentry: "Re: Encrypted Fields"
Next in thread: Michael Gentry: "Re: Encrypted Fields"
Next in thread: Michael Gentry: "Re: Encrypted Fields"
Reply: Michael Gentry: "Re: Encrypted Fields"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2.0.0 : Tue Feb 10 2009 - 10:03:30 EST