As far as #2 goes:
1. Use SSL
2. A better method would be to hash the user's password into the DB. Then, instead of decrypting & comparing to the one they entered, you would hash the one they entered and compare to the hash in the DB. You can verify they actually typed the correct password since the hash will be unique. Although this doesn't stop brute-forcing if the password hash is compromised, it does protect from "knowing an algorithm" (since you can't reverse the results of a hash).

Footnote: Recent events bring some question to the uniqueness of hashes, but the results they found are for very special cases (so far). It's something we need to keep an eye on, but I don't think it invalidates hash-usage approaches just yet.


- jbWare

In reply to Re: What *are* the best ways to encrypt data? by jbware
in thread What *are* the best ways to encrypt data? by bradcathey
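
The hash-and-compare scheme described in the post above, as an added Perl example that is not part of the original post: the stored value is a salted, iterated hash, and login re-hashes the entered password and compares the result. Assumptions not in the post: PBKDF2-HMAC-SHA256 as the hash (chosen to raise the cost of the brute-forcing the post mentions), the iteration count, the `scheme:iterations:salt:hash` record format, the hypothetical sub names, and a Unix-like system with `/dev/urandom`.

```perl
use strict; use warnings;
use Digest::SHA qw(hmac_sha256);    # core module
my $ITERATIONS = 100_000;           # assumed work factor; tune for your hardware

# PBKDF2-HMAC-SHA256 (RFC 8018) on top of core Digest::SHA. Password is bytes.
sub pbkdf2_sha256 {
    my ($password, $salt, $iterations, $dklen) = @_;
    my $out = '';
    for (my $block = 1; length($out) < $dklen; $block++) {
        my $t = my $u = hmac_sha256($salt . pack('N', $block), $password);
        for (2 .. $iterations) {
            $u = hmac_sha256($u, $password);
            $t ^= $u;               # string XOR of two 32-byte values
        }
        $out .= $t;
    }
    return substr($out, 0, $dklen);
}

# Compare without stopping at the first differing byte.
sub constant_time_eq {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Build the string to store in the DB: scheme:iterations:salt:hash
sub make_record {
    my ($password) = @_;
    open(my $fh, '<:raw', '/dev/urandom') or die "no /dev/urandom: $!";
    my $salt = '';
    (read($fh, $salt, 16) // 0) == 16 or die "short read from /dev/urandom";
    my $dk = pbkdf2_sha256($password, $salt, $ITERATIONS, 32);
    return join ':', 'pbkdf2-sha256', $ITERATIONS, unpack('H*', $salt), unpack('H*', $dk);
}

# Hash the entered password with the stored salt and compare to the stored hash.
# A malformed record (wrong scheme, empty or short hash) is rejected outright.
sub check_password {
    my ($password, $record) = @_;
    my ($iter, $salt_hex, $hash_hex) =
        $record =~ /\Apbkdf2-sha256:([1-9]\d*):([0-9a-f]+):([0-9a-f]{64})\z/ or return 0;
    my $got = pbkdf2_sha256($password, pack('H*', $salt_hex), $iter, 32);
    return constant_time_eq($got, pack('H*', $hash_hex));
}

my $record = make_record('correct horse battery staple');    # constructed sample
printf "right password: %s\n", check_password('correct horse battery staple', $record) ? 'accept' : 'reject';
printf "wrong password: %s\n", check_password('correct horse battery stable', $record) ? 'accept' : 'reject';
```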
