This is speculation without knowing your scope and architecture,
but perhaps part of the puzzle is two factor authentication
via a $20 Yubico FIDO U2F Security Key.
https://www.yubico.com/store/
https://www.yubico.com/about/background/fido/
https://www.yubico.com/2016/02/use-of-fido-u2f-security-ke
Now that i think about it.. this will contain a list of passwords for servers,
etc.. each user will need to access about a dozen company passwords.. trying to
thing about how to keep this buttoned down..
On February 22, 2017 at 9:19:05 AM, Alexandre Bergel (alexandre.ber...@me.com)
wrote:
If
Hi, Alejandro..
yes, they are looking to encrypt the entire database.. you’re right, i think
securing the OS and running over SSL is sufficient..
BUT..
i do appreciate you writeup on NaCl..
I am DEFINITELY using this on my next project..
Thanks!
On February 22, 2017 at 9:19:05 AM, Alexandre
OH!
Sorry.. they don’t want to do the crypto stuff on our own..
just the CRUD stuff of managing the passwords..
but those were some really good links!
On February 22, 2017 at 9:19:05 AM, Alexandre Bergel (alexandre.ber...@me.com)
wrote:
are they aware of Schneier's Law...
* https://www.schn
This is impressive Alejandro! Thanks for the explanation
Alexandre
> Le 22 févr. 2017 à 01:17, Alejandro Infante a
> écrit :
>
> Hi!
> If it help I’m using NaCl to do secure the passwords. You should not store
> the passwords of your users, not even encrypted.
>
> For securing the password
On Wed, Feb 22, 2017 at 9:21 PM, sergio ruiz wrote:
>
> for whatever reason, they want something written from scratch.. in house..
are they aware of Schneier's Law...
* https://www.schneier.com/blog/archives/2011/04/schneiers_law.html
* https://www.schneier.com/essays/archives/1999/03/cryptograph
On Wed, Feb 22, 2017 at 01:17:35AM -0300, Alejandro Infante wrote:
> salt := (Nacl randomBytes: 16)
>
> User>>setPassword: aPassword
> hashedPassword := Nacl hash: (salt , aPassword asByteArray)
Hi Alejandro,
Coincidentally, I've just updated my SHA256/512 password hashing library, wh
Right.. we’re looking to encrypt the entire database AFTER doing the business
as usual password encryption..
On February 21, 2017 at 11:15:55 PM, Alejandro Infante
(alejandroinfant...@gmail.com) wrote:
Hi!
If it help I’m using NaCl to do secure the passwords. You should not store the
password
We are looking to encrypt the entire database..
On February 21, 2017 at 11:15:55 PM, Alejandro Infante
(alejandroinfant...@gmail.com) wrote:
As for single username/pass encryption (not the whole DB), and assuming you
want two-way encrypt (that you want to decrypt), I have used both, Rijndael an
Gotcha! thanks!
for whatever reason, they want something written from scratch.. in house..
On February 21, 2017 at 11:15:55 PM, Alejandro Infante
(alejandroinfant...@gmail.com) wrote:
Here is a collection for reference. If one of these is suitable you can skip
the
implementation and just dep
Hi!
If it help I’m using NaCl to do secure the passwords. You should not store the
passwords of your users, not even encrypted.
For securing the passwords I use Sha-512 over the salted password.
User>>initialize
super initialize.
salt := (Nacl randomBytes: 16)
User>
As for single username/pass encryption (not the whole DB), and assuming you
want two-way encrypt (that you want to decrypt), I have used both, Rijndael
and Blowfish, both in combination with SpsSplitPasswordStore.
Cheers,
On Tue, Feb 21, 2017 at 8:20 AM, Pierce Ng wrote:
> On Mon, Feb 20, 2017
On Mon, Feb 20, 2017 at 05:34:41AM -0800, sergio ruiz wrote:
> I have been tasked with throwing together a small web app that will hold
> the passwords to different projects for my company.
Here is a collection for reference. If one of these is suitable you can skip
the
implementation and just d
Works marvels indeed.
I have made some more Seaside integrations for this one.
But Pharo3. Need to upgrade to latest Seaside and Pharo.
Phil
On Mon, Feb 20, 2017 at 3:06 PM, Hernán Morales Durand <
hernan.mora...@gmail.com> wrote:
> Hi Sergio,
>
> Have a look at the ApplicationSecurity packa
Hi Sergio,
Have a look at the ApplicationSecurity package:
http://80738163270632.blogspot.com/2014/03/application-security-presentation.html
http://80738163270632.blogspot.com/2014/10/application-security-2-checkpoint.html
http://80738163270632.blogspot.com/2015/02/application-security-3-setting-
I have been tasked with throwing together a small web app that will hold
the passwords to different projects for my company.
I would like to use seaside to do this, but the biggest requirement is that
we need to be able to either:
- encrypt the entire database, so that if the machine was compromi
16 matches
Mail list logo
