[Owasp-topten] Insecure Cryptographic Storage
zakiakhmad at gmail.com
Fri Apr 3 21:44:06 EDT 2009
On Sat, Apr 4, 2009 at 1:03 AM, Anurag Agarwal <anurag.agarwal at yahoo.com> wrote:
> To break it down a little bit, if the application is allowing a user to
> retrieve their old password, that means it is stored either in clear text or
> two way encryption (both of them are bad practice, one worse than the
> other), if they are making the user select a new password, though they may
> still be storing it in cleartext or two way encryption but the chances are
> it is probably hashed and stored.
I am a little bit confused by the words "two way encryption". Is there
a "one way encryption"? What's the difference between hash function aka
one way function?
> Web: www.attacklabs.com , www.myappsecurity.com
Both of them inactive?