Penetration Testing mailing list archives
Validating if password is encoded or encrypted
From: Karen Sy <karensy.co () gmail com>
Date: Fri, 2 Sep 2011 19:58:29 +0800
Hi Everyone,

I'm currently reviewing an app prior to launching to our prod. One of our security requirements is for the password to be encrypted. When I checked the password field in the db, I noticed that all passwords end with a double equal sign, e.g. "==". I am under the impression that they are just base64 encoded rather than encrypted. However, I tried decoding them using base64 but I'm not getting valid data.

Am I right in saying that the password is encoded? If yes, with what, e.g. base64? How can I prove or show them that the password is just encoded rather than encrypted? Or is it encrypted?

Thank you all.

Karen
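An added example, not part of the original post: one way to check such a value in Python is to base64-decode it, look at the decoded length and printability, and test whether a known test-account password reproduces it under a common unsalted hash. The function name, the digest list and the sample password are assumptions; a salted or keyed hash, or real ciphertext, will not match, and then the bytes alone cannot settle the question.

```python
import base64
import hashlib

# Digest sizes in bytes for common unsalted hashes (assumed candidate list).
# A trailing "==" only says the decoded length is 1 mod 3, e.g. 16 or 64 bytes.
DIGESTS = {16: ["md5"], 20: ["sha1"], 32: ["sha256"], 64: ["sha512"]}


def classify_stored_password(stored, known_password=None):
    """Triage one stored value taken from a test account you control.

    Returns a dict with 'decoded_len', 'printable', 'digest_candidates'
    and 'matched' ('plaintext' or a hash name if known_password
    reproduces the stored bytes, otherwise None).
    """
    try:
        raw = base64.b64decode(stored, validate=True)
    except (ValueError, TypeError):
        # Not valid base64 at all.
        return {"decoded_len": None, "printable": False,
                "digest_candidates": [], "matched": None}

    # All-printable output means the value was only encoded.
    printable = bool(raw) and all(32 <= b < 127 for b in raw)
    result = {"decoded_len": len(raw), "printable": printable,
              "digest_candidates": DIGESTS.get(len(raw), []),
              "matched": None}

    if known_password is not None:
        pw = known_password.encode("utf-8")
        if raw == pw:
            result["matched"] = "plaintext"
        for name in result["digest_candidates"]:
            # Recompute the digest and compare with the decoded bytes.
            if hashlib.new(name, pw).digest() == raw:
                result["matched"] = name
    return result


if __name__ == "__main__":
    # Constructed sample: base64 of an unsalted MD5 digest, ends in "==".
    sample = base64.b64encode(hashlib.md5(b"Passw0rd!").digest()).decode()
    print(sample, classify_stored_password(sample, "Passw0rd!"))
```

A match proves the value is an unsalted hash (or plain encoding) and not encryption; no match on binary output leaves salted hashing, keyed hashing and encryption all possible, so the application code or configuration has to be reviewed.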
