Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have a login and password that I need to store in my database. What is a safer way to encode them (I use AES algorithm): as one string with separator between login/pass, or as a two separate strings?
Encoding has to be reversable, so please don’t mention hash.
Safety has not much to do with your choice. If you use
AES with mode different than ECB and PKCS7/PKCS5 Paddingyou can either encrypt logins and passwords alone or logins and passwords seperately. It depends on wheather you will need a login without a password in your implementation. You will probably use the same key to encrypt both login and password. So splitting is by no means an additional security measure. If you woudl use some salted PKDF keys can be different for each record, but attacker still needs only to get the master password and a salt.