Re: Best method for storing recoverable passwords - Mailing list pgsql-novice

From Ken Benson
Subject Re: Best method for storing recoverable passwords
Date
Msg-id 132d9611940141b580652ee12ae5d793@BY2PR02MB028.namprd02.prod.outlook.com
In response to Best method for storing recoverable passwords  ("Simon ..." <wedgetail_e@hotmail.com>)
List pgsql-novice

 

From: pgsql-novice-owner@postgresql.org [mailto:pgsql-novice-owner@postgresql.org] On Behalf Of Simon ...
Sent: Tuesday, March 11, 2014 3:01 AM
To: pgsql-novice@postgresql.org
Subject: [NOVICE] Best method for storing recoverable passwords

 

I am looking to store user passwords related to logins to various websites unrelated to the database itself [e.g. access to software licence administration websites etc.].

I would prefer not to save the passwords as plain text.

What is the best method to save passwords that can be converted back to their plain text form?

[[KenB]]

The method I use is this.

Take the password, turn it into a HEX string - pad the hex string with additional RANDOMLY GENERATED Hex bytes - making a HEX string that is 63 (or 127) bytes long.

Prepend another hex byte giving the length of the actual password.

Pass the resultant HEX string to an obfuscator function (google that - there are several around).

Store that result.

To reverse the process - send the obfuscated string to the 'un-obfuscate' function - which returns the original HEX string.

Take off the first Hex Byte to get the length the password should be.

Then take the next XX hex bytes and turn them back into a string of characters.

Writes,

Ken Benson | Developer | InfoWerks Data Services, Inc.
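
The steps in the message above, as an added example (not Ken Benson's code): the length-byte framing and its reverse, with the obfuscate and un-obfuscate functions, which the message does not specify, passed in as the hypothetical `transform` and `inverse` callables. It assumes "63 bytes" means 63 raw bytes and that passwords are UTF-8; the framing only fixes the stored length, so any secrecy depends on the transform being keyed.

```python
import secrets

# Assumption: "63 bytes" is read as 63 raw bytes (126 hex digits); with the
# length byte the framed string is always 128 hex digits.
PAYLOAD_BYTES = 63


def frame(password: str, payload_bytes: int = PAYLOAD_BYTES) -> str:
    """Return hex of: 1 length byte + password bytes + random padding."""
    raw = password.encode("utf-8")  # length is counted in bytes, not characters
    if not 0 < payload_bytes <= 255:
        raise ValueError("payload size must fit the one-byte length field")
    if len(raw) > payload_bytes:
        raise ValueError("password longer than the fixed payload")
    padding = secrets.token_bytes(payload_bytes - len(raw))  # CSPRNG padding
    return (bytes([len(raw)]) + raw + padding).hex()


def unframe(hex_string: str) -> str:
    """Read the length byte, then decode exactly that many password bytes."""
    data = bytes.fromhex(hex_string)
    if not data or data[0] > len(data) - 1:
        raise ValueError("length byte does not match the payload")
    return data[1:1 + data[0]].decode("utf-8")


def store(password: str, transform) -> str:
    """Frame the password, then apply the reversible transform (hypothetical hook)."""
    return transform(frame(password))


def recover(stored: str, inverse) -> str:
    """Undo the transform, then strip the length byte and padding."""
    return unframe(inverse(stored))


if __name__ == "__main__":
    # Constructed sample; string reversal only stands in for the unspecified function.
    def reverse(s): return s[::-1]
    blob = store("licence-portal-pw", reverse)
    print(len(blob), recover(blob, reverse))
```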

 

 
