Skip to main content

Return to the password-encryption wiki

Post Timeline

Rolled back act of tag vandalism after discussion on meta
Source Link
user207421
user207421
  • 312.1k
  • 45
  • 324
  • 494

Passwords chosen by users are generally insecure for use directly as encryption keys. Cryptographic algorithms require keysPassword encryption is the act of a specific length, and sometimes require other attributes, such assecuring a specific paritypassword with another password. More importantly, however, passwords require additional processingIf your intent is to stop attackers from quickly testing large numbersuse passwords for authentication (e.g. for logins), you should look at hashing instead of likelyencryption. Use this tag for question about how or better still whether to encrypt passwords.

PasswordA critical but non-based encryption uses an encryption key derived from a password. Usually thetechnical problem with password encryption is meantthat legal non-repudiability of transactions is lost, because it ceases to be remembered, and entered with a keyboardtrue that only the password holder could have executed the transaction.

Secure This alone should be enough to disqualify password-based encryption techniques are computationally intensive to thwart dictionary attacks, and resist pre-computation by including an unpredictable "salt" in the derivation processfrom use almost anywhere.

Useful Links

Passwords chosen by users are generally insecure for use directly as encryption keys. Cryptographic algorithms require keys of a specific length, and sometimes require other attributes, such as a specific parity. More importantly, however, passwords require additional processing to stop attackers from quickly testing large numbers of likely passwords.

Password-based encryption uses an encryption key derived from a password. Usually the password is meant to be remembered, and entered with a keyboard.

Secure password-based encryption techniques are computationally intensive to thwart dictionary attacks, and resist pre-computation by including an unpredictable "salt" in the derivation process.

Password encryption is the act of securing a password with another password. If your intent is to use passwords for authentication (e.g. for logins), you should look at hashing instead of encryption. Use this tag for question about how or better still whether to encrypt passwords.

A critical but non-technical problem with password encryption is that legal non-repudiability of transactions is lost, because it ceases to be true that only the password holder could have executed the transaction. This alone should be enough to disqualify password encryption from use almost anywhere.

Useful Links

deleted 188 characters in body
Source Link
erickson
erickson
  • 270.8k
  • 59
  • 407
  • 502

Password encryption is the act of securing a password with another password. If your intent is to use passwords Passwords chosen by users are generally insecure for authentication (euse directly as encryption keys.g Cryptographic algorithms require keys of a specific length, and sometimes require other attributes, such as a specific parity. for logins)More importantly, look at hashing insteadhowever, passwords require additional processing to stop attackers from quickly testing large numbers of encryptionlikely passwords.

A critical but nonPassword-technical problem with passwordbased encryption is that legal non-repudiability of transactionsuses an encryption key derived from a password. Usually the password is lost, because it ceasesmeant to be true that only the password holder could have executed the transactionremembered, and entered with a keyboard. This alone should be enough to disqualify

Secure password-based encryption from use almost anywheretechniques are computationally intensive to thwart dictionary attacks, and resist pre-computation by including an unpredictable "salt" in the derivation process.

Useful Links

Password encryption is the act of securing a password with another password. If your intent is to use passwords for authentication (e.g. for logins), look at hashing instead of encryption.

A critical but non-technical problem with password encryption is that legal non-repudiability of transactions is lost, because it ceases to be true that only the password holder could have executed the transaction. This alone should be enough to disqualify password encryption from use almost anywhere.

Useful Links

Passwords chosen by users are generally insecure for use directly as encryption keys. Cryptographic algorithms require keys of a specific length, and sometimes require other attributes, such as a specific parity. More importantly, however, passwords require additional processing to stop attackers from quickly testing large numbers of likely passwords.

Password-based encryption uses an encryption key derived from a password. Usually the password is meant to be remembered, and entered with a keyboard.

Secure password-based encryption techniques are computationally intensive to thwart dictionary attacks, and resist pre-computation by including an unpredictable "salt" in the derivation process.

Added legal info
Source Link
user207421
user207421
  • 312.1k
  • 45
  • 324
  • 494

Password encryption is the act of securing a password with another password. If your intent is to use passwords for authentication (e.g. for logins), look at hashing instead of encryption.

A critical but non-technical problem with password encryption is that legal non-repudiability of transactions is lost, because it ceases to be true that only the password holder could have executed the transaction. This alone should be enough to disqualify password encryption from use almost anywhere.

Useful Links

Password encryption is the act of securing a password with another password. If your intent is to use passwords for authentication (e.g. for logins), look at hashing instead of encryption.

Useful Links

Password encryption is the act of securing a password with another password. If your intent is to use passwords for authentication (e.g. for logins), look at hashing instead of encryption.

A critical but non-technical problem with password encryption is that legal non-repudiability of transactions is lost, because it ceases to be true that only the password holder could have executed the transaction. This alone should be enough to disqualify password encryption from use almost anywhere.

Useful Links

added 428 characters in body
Source Link
edit approved Jan 22, 2013 at 16:44
avpaderno
edit approved Jan 22, 2013 at 16:44
avpaderno
  • 30.1k
  • 17
  • 81
  • 95
Encrypting passwords is not wrong per se.
Source Link
edit approved Jan 22, 2013 at 15:53
phant0m
edit approved Jan 22, 2013 at 15:53
phant0m
  • 17k
  • 6
  • 52
  • 84
added 167 characters in body
Source Link
edit approved Nov 19, 2011 at 17:02
H Bellamy
edit approved Nov 19, 2011 at 17:02
H Bellamy
  • 22.8k
  • 27
  • 81
  • 119
Link
Community Bot
Community Bot
  • 1
  • 1