The art and science of password hashing

Peter Simpson

Hello all,
For a long time now, whenever I create a bespoke database-driven solution for a client, I always make sure that the users' database passwords and email addresses are encrypted using BCrypt with salt; that way I can tell my clients that their users' details are securely stored in their databases. Using BCrypt password hashing also allows me to connect Android, Windows and macOS packages to the exact same database for user password verification. If need be, I can mix and match new B4X solutions with older VB.Net projects without any issues whatsoever.

Something else that I always do is to encrypt important information in databases by using AES encryption with a string and key with salt; thus, once again, I can mix and match new B4X solutions with older VB.Net projects securely with ease. I do not encrypt all the information in every single table in the database, as it's just not necessary in my personal opinion; plus, encrypting and decrypting data can be a slow process depending on the amount of data being processed and the speed/power of the hardware being used, but each to their own, I suppose.

Today I read the following article which I personally found interesting.

https://www.helpnetsecurity.com/2019/07/02/password-hashing/

I hope that you find the link above as interesting as I do.

Enjoy...
 