Penetration Testing mailing list archives

Validating if password is encoded or encrypted
From: Karen Sy <karensy.co () gmail com>
Date: Fri, 2 Sep 2011 19:58:29 +0800

Hi Everyone, I'm currently reviewing an app prior to launching to our
prod. One of our security requirements is for the password to be
encrypted.
When I checked the password field in the db, I noticed that all passwords
are ending with a double equal sign, e.g. "==".
I am under the impression that they are just base64 encoded rather
than encrypted. However, I tried decoding it using base64 but I'm not
getting valid data.

Am I right in saying that the password is encoded? If yes, with what, e.g. base64?
How can I prove or show them that the password is just encoded
rather than encrypted?
Or is it encrypted?

Thank you all.

Karen
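
As an added example (not part of the original post or of any reply), one way to triage such a column is to Base64-decode every value and then look at what the bytes are: readable text, or fixed-length binary. The sample values and the use of MD5 below are constructed assumptions; nothing in the post says which algorithm the application uses.

```python
import base64
import binascii
import hashlib
from collections import Counter

# Digest sizes in bytes for common unsalted hashes (properties of the algorithms).
DIGEST_SIZES = {16: "MD5", 20: "SHA-1", 32: "SHA-256", 64: "SHA-512"}

def decode_b64(value):
    """Return the decoded bytes, or None if value is not strict Base64."""
    try:
        return base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None

def is_text(raw):
    """True if the bytes are printable ASCII, i.e. Base64 was the only layer."""
    return all(32 <= b < 127 for b in raw)

def triage(column):
    """Summarise what a column of stored password values decodes to."""
    decoded = [decode_b64(v) for v in column]
    if any(d is None for d in decoded):
        return {"base64": False}
    lengths = Counter(len(d) for d in decoded)
    report = {
        "base64": True,
        "plaintext_under_base64": all(is_text(d) for d in decoded),
        "lengths": dict(lengths),
        "fixed_length": len(lengths) == 1,
        "duplicates": len(set(column)) < len(column),  # same input, same output
    }
    if report["fixed_length"]:
        report["digest_candidate"] = DIGEST_SIZES.get(next(iter(lengths)))
    return report

# Constructed sample columns (not data from the post).
def b64(raw):
    return base64.b64encode(raw).decode()

encoded_only = [b64(p.encode()) for p in ("Summer2011", "letmein")]
hashed = [b64(hashlib.md5(p.encode()).digest()) for p in ("Summer2011", "letmein", "letmein")]

if __name__ == "__main__":
    print(triage(encoded_only))  # readable text, varying lengths
    print(triage(hashed))        # binary, every value 16 bytes, one duplicate
```

Any 16-byte value Base64-encodes to 24 characters ending in "==", so that suffix alone does not distinguish encoding from hashing or encryption. A digest-sized fixed length is a hint about the algorithm, not proof of it.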
