Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.

Password authentication

Posted by: Bent`
Date: 2007-12-06 16:15:34
Hey guys,

I found a good web host recently, and have been working on a webpage. As an exercise, I'm building a user-based system from the ground up. What should I do for passwords? Obviously it wouldn't be a good idea to store the passwords in plain text in the database… I'm thinking of one-way-encrypting passwords as they come in, and comparing the encrypted versions. Is this a good or feasible idea? If so, what sort of encryption algorithm would be useful?

Re: Password authentication

Posted by: GARYM9
Date: 2007-12-16 17:36:26
Use a double encryption matrix. Take a pass like CARS and make it a matrix [3 1 18 19] (alphanumeric) multiply it by an (ex.)[15 32 66 58] then multiply that by [16 88 55 14] to encrypt it. To decrypt it (login) multiply the password by the inverse of the second then that product by the inverse of the first and you should be left with [3 1 18 19] and that should read as CARS or something. This'll only work if you know matrices and if double encryption even works. I've only done single encryption in math class (Algebra 2). :\

Re: Password authentication

Posted by: Bent`
Date: 2007-12-16 18:14:39
Well, the thing about that is security. If someone gained FTP access to my page, they could view the page source code to find the encryption, then decrypt every password in the database. For passwords, I wanted something that can't be decrypted, even if someone managed to get administrator access.

What I eventually decided on was a SHA-256 hash, by the way. All passwords are encrypted with this before being stored in the database, meaning that there is literally no way to decode them even if you can view it.
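Added example, not part of the original thread or any poster's code: the hash-on-registration, compare-on-login scheme the thread settles on, written in Python. It goes beyond the thread by placing the unsalted SHA-256 digest beside a salted, iterated variant (PBKDF2-HMAC-SHA256); the function names, the `$`-separated record format and the iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
from typing import Optional

ITERATIONS = 600_000  # assumed work factor; tune for your own server


def sha256_plain(password: str) -> str:
    """The thread's scheme: one unsalted SHA-256 digest per password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Salted, iterated variant. Returns one self-describing database value."""
    if salt is None:
        salt = secrets.token_bytes(16)  # fresh random salt for every account
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, int(iters))
    except (ValueError, OverflowError):
        return False  # malformed or truncated record: reject, never crash
    return hmac.compare_digest(dk, expected)


if __name__ == "__main__":
    # Constructed sample: two accounts that picked the same password.
    print(sha256_plain("CARS") == sha256_plain("CARS"))    # same stored value
    alice, bob = hash_password("CARS"), hash_password("CARS")
    print(alice == bob)                                    # salts make them differ
    print(verify_password("CARS", alice), verify_password("cars", alice))
```

With the unsalted digest, equal passwords produce equal database values, so one precomputed lookup covers every account that shares a password; the per-account salt and iteration count remove that shortcut without changing the login flow.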