Re: Best method for storing recoverable passwords

From: Ken Benson <Ken(at)infowerks(dot)com>
To: "pgsql-novice(at)postgresql(dot)org" <pgsql-novice(at)postgresql(dot)org>
Subject: Re: Best method for storing recoverable passwords
Date: 2014-03-11 14:17:39
Message-ID: 132d9611940141b580652ee12ae5d793@BY2PR02MB028.namprd02.prod.outlook.com
Lists: pgsql-novice

From: pgsql-novice-owner(at)postgresql(dot)org [mailto:pgsql-novice-owner(at)postgresql(dot)org] On Behalf Of Simon ...
Sent: Tuesday, March 11, 2014 3:01 AM
To: pgsql-novice(at)postgresql(dot)org
Subject: [NOVICE] Best method for storing recoverable passwords

I am looking to store user passwords related to logins to various websites unrelated to the database itself [e.g. access to software licence administration websites etc.].

I would prefer not to save the passwords as plain text.

What is the best method to save passwords that can be converted back to their plain text form?

[[KenB]]

The method I use is this.
Take the password, turn it into a HEX string - pad the hex string with additional RANDOMLY GENERATED Hex bytes - making a HEX string that is 63 (or 127) bytes long.
Prepend another hex byte giving the length of the actual password.
Pass the resultant HEX string to an obfuscator function (google that - there are several around).
Store that result.

To reverse the process - send the obfuscated string to the 'un-obfuscate' function - which returns the original HEX string.
Take off the first Hex Byte to get the length the password should be.
Then take the next XX hex bytes and turn them back into a string of characters.

Writes,

Ken Benson | Developer | InfoWerks Data Services, Inc.
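
The framing steps described in the message above, written out as an added example (not code from the post or its author). It assumes lengths are counted in UTF-8 bytes and leaves the obfuscation function, which the post does not name, as a hypothetical pluggable parameter defaulting to no transform; the framing by itself only hides the password's length, so confidentiality rests entirely on whatever function is plugged in.

```python
import secrets

BODY_LEN = 63  # the post suggests 63 (or 127) bytes before the length byte


def pack_password(password, body_len=BODY_LEN, obfuscate=lambda s: s):
    """Build the frame from the post: length byte + password + random pad, as hex.

    `obfuscate` is a hypothetical hook for the unnamed obfuscation function.
    """
    if not 0 < body_len <= 255:
        raise ValueError("a single length byte can only describe up to 255 bytes")
    raw = password.encode("utf-8")  # assumption: length counts UTF-8 bytes
    if len(raw) > body_len:
        raise ValueError("password is %d bytes; frame holds %d" % (len(raw), body_len))
    pad = secrets.token_bytes(body_len - len(raw))  # padding from the OS CSPRNG
    frame = bytes([len(raw)]) + raw + pad
    return obfuscate(frame.hex())


def unpack_password(stored, body_len=BODY_LEN, deobfuscate=lambda s: s):
    """Reverse pack_password: undo the transform, read the length byte, slice."""
    frame = bytes.fromhex(deobfuscate(stored))
    if len(frame) != body_len + 1:
        raise ValueError("unexpected frame size")
    n = frame[0]
    if n > body_len:
        raise ValueError("length byte exceeds frame body")
    return frame[1:1 + n].decode("utf-8")


if __name__ == "__main__":
    stored = pack_password("s3cret")  # constructed sample password
    print(len(stored), "hex chars stored")
    print("length byte:", stored[:2])  # readable when no transform is applied
    print("recovered:", unpack_password(stored))
```
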
