I want to save passwords in the database using RSA.
I understand it by example - https://msdn.microsoft.com/ru-ru/library/system.security.cryptography.rsacryptoserviceprovider(v=vs.100).aspx , a provider is created and private and shared keys are generated for it, for working with a password. Questions:

1. Is it possible to create many shared keys with one private one or vice versa (if yes, please code)?
2. If there is no answer to B.1, then we actually have a lot of private and shared keys in the database. How to save them in the database, a separate table or push in the Users table?
3. Is it worth it to keep the keys (and use RSA) in the database or to save them somewhere else? Since if the attacker has access to the database, then in fact he has found these keys and cannot be stopped.

  • And what are you going to do with these keys for users? - Zergatul
  • and what you do not like MD5? - Monomax
  • I apologize, I didn’t put it correctly, but why are you not satisfied with hashing? - Monomax
  • Tell the customer that if he wants a huge security hole, then you can encrypt it. But in mind, passwords are only hashed. - Gennady P
  • Explain to the customer that hashing is more “strong” encryption than asymmetric, because data cannot be decrypted at all. - Zergatul

1 answer

"Answer to the third question"

I just want to indicate your (as I think) mistake in choosing a “function” (if you can express it) encryption of your data ... Your choice fell on RSA, but why is it so remarkable?

I suggest you use "md5", this function hashes your data in such a way that it is almost impossible to decrypt them ... Why practically? Because there are currently websites on the Internet that have a database of hashed strings, and if your password matches the database data (this happens only if your password is light, for example: "123"), then the site will extract the password ... Therefore, create a password of at least 'medium difficulty', and use md5. No one will decrypt your data ...

Thank you!))) Support Like ...

  • I would add that if you wish, you can get any information, but the question is about the means and time, so MD5 is quite good. - Andrew Tarasenko
  • You can sprinkle salt, so that simple passwords do not give well-known hashes too - Andrew NOP