I have an issue with password hashing.
I use the hashing function 1 here:
With this function I can hash passwords before I save them to the database.
But in the application I use the password to log in to different servers (like a mail server), so inside the Java code I need the password not hashed but rather as the plain-text password.
So I'm wondering how I can extract the plain-text password again (hash + salt are stored in the DB, hash function/iteration count are known) to use it to log in to the different servers.
Does anyone know how to do that? (Preferably in a way that uses the linked OWASP code to hash the passwords.)
Edit: It seems encryption is the way to go here. Is that an acceptable solution (as encryption is not safe)? I would go with a high iteration count and a salt anyway.
The entire purpose of a hash is to be irreversible. Having the plain-text password defeats the purpose of the hash, and is a security vulnerability.