[Owasp-topten] Insecure Cryptographic Storage

Zaki Akhmad zakiakhmad at gmail.com
Fri Apr 3 21:44:06 EDT 2009


On Sat, Apr 4, 2009 at 1:03 AM, Anurag Agarwal <anurag.agarwal at yahoo.com> wrote:

> To break it down a little bit, if the application is allowing a user to
> retrieve their old password, that means it is stored either in clear text or
> two way encryption (both of them are bad practice, one worse than the
> other), if they are making the user select a new password, though they may
> still be storing it in cleartext or two way encryption but the chances are
> it is probably hashed and stored.

I am a little bit confused with "two way encryption" words. Are there
"one way encryption"? What's the difference between hash function aka
one way function?

> Web: www.attacklabs.com , www.myappsecurity.com

Both of them inactive?

-- 
Zaki Akhmad


More information about the Owasp-topten mailing list