Open pquackenbush opened 9 years ago
@pquackenbush, though it may seem counter-intuitive, we should discuss our password handling in a public forum. If the algorithm itself is properly secure, we should be able to disclose it in a public forum and have every confidence that it won't help an attacker. If our password security were to rely on developing some secret method of securing the password such that public exposure of the secret method were to compromise the passwords, then we are relying on security through obscurity. We definitely don't want that.
Good source on password encryption in Java: http://www.jasypt.org/howtoencryptuserpasswords.html
@joedobrovolc That is an excellent writeup.
We should probably come up with a method for encrypting our passwords. And yes, I realize the flaw in discussing this on a publicly hosted site.
Nice explanation of password handling.