RE: Validating if password is encoded or encrypted



Hey Karen,

It is possible for passwords to be encrypted (i.e. with AES) and then
encoded with Base64 before storing them in the DB.

What do you get after decoding those Base64 strings? Binary data?

wbr,
- Max

Hi Everyone, I'm currently reviewing an app prior to launching to our
prod. One of our security requirements is for the password to be
encrypted.
When I checked the password field in the db, I noticed that all passwords
are ending with a double equal sign, e.g. "==".
I am under the impression that they are just base64 encoded rather
than encrypted. However, I tried decoding it using base64 but I'm not
getting valid data.

Am I right in saying that the password is encoded? If yes, with what,
e.g. base64?
How can I prove or show them that the password is just encoded
rather than encrypted?
Or is it encrypted?
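
Added example, not part of the thread: one way to answer "what do you get after decoding?" over a sample of stored values, by strictly Base64-decoding each one and checking whether the result is readable text or fixed-length binary. The function names and sample passwords are constructed for illustration; a trailing "==" only shows that the decoded length leaves a remainder of 1 when divided by 3 (for example 16 bytes).

```python
import base64
import binascii
import hashlib

def decode_strict(value):
    """Return the decoded bytes, or None if value is not valid standard Base64."""
    try:
        return base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None

def is_printable_text(raw):
    """True when the bytes are valid UTF-8 made only of printable characters."""
    try:
        return raw.decode("utf-8").isprintable()
    except UnicodeDecodeError:
        return False

def assess(stored_values):
    """Classify a sample of stored password values; returns (verdict, decoded lengths)."""
    if not stored_values:
        raise ValueError("need at least one stored value")
    decoded = [decode_strict(v) for v in stored_values]
    if any(d is None for d in decoded):
        return ("not-base64", [])
    lengths = sorted({len(d) for d in decoded})
    if all(is_printable_text(d) for d in decoded):
        return ("encoded-plaintext", lengths)      # Base64 over readable text
    if len(lengths) == 1:
        return ("binary-fixed-length", lengths)    # digest or fixed-size ciphertext
    return ("binary-variable-length", lengths)     # e.g. ciphertext that grows with input

def b64(raw):
    """Base64-encode bytes and return an ASCII string, as a DB column would hold it."""
    return base64.b64encode(raw).decode("ascii")

# Constructed sample data: the same test passwords stored two different ways.
PASSWORDS = [b"hunter2", b"correct horse", b"Tr0ub4dor&3"]
AS_PLAINTEXT = [b64(p) for p in PASSWORDS]
AS_MD5 = [b64(hashlib.md5(p).digest()) for p in PASSWORDS]

if __name__ == "__main__":
    print(assess(AS_PLAINTEXT))   # readable after decoding
    print(assess(AS_MD5))         # 16 binary bytes each, every value ends in "=="
```

A binary verdict does not by itself separate encryption from hashing, since both decode to unreadable bytes. Setting the same known password on two test accounts and comparing the stored values, then asking the developers where the key is held, covers what the decoded bytes cannot show.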
