I hear of all these various things such as https, ssl/tls, srp, md5, sha, bcrypt, and so on. Which of these do I need exactly and which do I not need? And in what form should the password be stored in the database?
For the normal web, it is implemented using http, that is, the communication between the client (often browsers) and the server is in plaintext. To ensure the data is encrypted, ssl is applied on top of http, and thus the acronym https. Now, to store the user password in the database, you can probably apply a one-way hash algorithm such as md5 and sha. Thus, when you submit the password over the network, the password is encrypted in the https communication and thus it is safe from the eavesdropper. The server should apply the cryptographic hash function against the password submitted by the user and match it against the encrypted password stored inside the database.