Is storing a private key generated by the client that is encrypted by the user's password safer than storing a hash of a password? (The encryption part is done client side and it will be sent to the server; the user's password won't be sent to the server.)
Is saving a private key encrypted with the user's password safer than storing a hash in a database?
Asked by TarithJ
1 answer
It depends what you're talking about.
If I'm the client:
58 3b ae a9 de 37 88 e6 ed a2 9f 45 db 8b 9f 56 ef e1 aa 25 ac 52 f6 3d 02 dd 1b 86 1f c5 39 44
3e 35 33 46 fe a2 04 09 58 ff 1a 29 41 97 cb 6d 44 32 5f 4a 74 01 90 1d f3 32 eb 2c 6e 49 e1 19
What you've done is have the client create a strong password with extra steps. I can convert those bytes to a string:
This is now the user's "password". When they log in to your site, you need to validate that password. That means that you must securely store that password in your system - and taking the SHA-256 hash of that password is not secure.
That's all if the client encrypts it.
What if instead the user generates a "private key":
And they send that to the server, and you will encrypt it with the user's password: how did you know the user's password!?
You can't do that, because you can't know their password.
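One way to arrange what the answer describes, as an added example that is not part of the original answer: the client derives two keys from the password, sends only the login key, and the server stores that value the way it would store any password. The function names, the email-based client salt and the iteration count are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

# Assumed work factor for PBKDF2-HMAC-SHA256; tune to your own latency budget.
ITERATIONS = 200_000


def client_derive(password: str, email: str) -> tuple[bytes, bytes]:
    """Client side: stretch the password, then split it into two independent keys."""
    # Per-user salt the client can recompute before login (assumption: the email).
    salt = hashlib.sha256(b"client-salt:" + email.lower().encode()).digest()
    master = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    wrap_key = hmac.new(master, b"wrap-private-key", hashlib.sha256).digest()
    auth_key = hmac.new(master, b"login", hashlib.sha256).digest()
    return wrap_key, auth_key  # wrap_key never leaves the client


def server_register(auth_key: bytes) -> dict:
    """Server side: auth_key is the password now, so store only a salted slow hash."""
    salt = secrets.token_bytes(16)
    verifier = hashlib.pbkdf2_hmac("sha256", auth_key, salt, ITERATIONS)
    return {"salt": salt, "verifier": verifier}


def server_verify(record: dict, auth_key: bytes) -> bool:
    """Recompute the hash from the submitted value and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", auth_key, record["salt"], ITERATIONS)
    return hmac.compare_digest(candidate, record["verifier"])


def demo() -> dict:
    # Constructed sample credentials, not real data.
    wrap_key, auth_key = client_derive("correct horse battery staple", "alice@example.com")
    record = server_register(auth_key)
    _, wrong_auth = client_derive("wrong guess", "alice@example.com")
    return {
        "good_login": server_verify(record, auth_key),
        "bad_login": server_verify(record, wrong_auth),
        "keys_independent": wrap_key != auth_key,
        "auth_key_not_stored": auth_key not in record.values(),
    }


if __name__ == "__main__":
    print(demo())
```

The `wrap_key` is what the client would feed to an authenticated cipher to encrypt the private key before upload; that step is left out here because the Python standard library has no AEAD.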