Encrypt Function

Hello,

I would like to know more details about the encrypt function:
- Which ciphering/hashing algorithm(s) does it use?
- Are there keys/passwords being used in the process?

Regards,
Miguel Vieira.
Hi Miguel,
Can you explain your need? I don't think that it's important, or even secure, to expose the hash algorithm.
If you need any algorithm to encrypt and have the need to decrypt, I think you should implement your own code, to have more control and security.

Kind Regards,
Nuno
Thanks for the Reply,

I was mostly curious about the strength of the algorithm in the encrypt function, also thanks for the suggestion.

Regards,
Miguel Vieira.
Hi..
I agree with Nuno's opinion. However, I trust in the hash algorithm given by the platform. In terms of control, if you need to deal with encrypt / decrypt, just code a nice extension with a bulletproof algorithm and share it with us :)

Cheers,
GM

Miguel Vieira wrote:
Thanks for the Reply,

I was mostly curious about the strength of the algorithm in the encrypt function, also thanks for the suggestion.

Regards,
Miguel Vieira.
 
 
It's a salted MD5 hash.

It is a valid concern for security purposes, and people must know what they are using to assess if it fits their standards/needs. 

"Trust, but verify." - Ronald Reagan

There is also no problem in disclosing this information, the only way to hack it would be through rainbow tables (which is rather troublesome/time consuming/inaccurate...) but since the salt is still private, so long rainbow tables... :D
Thanks for the information António,

I am more pleased knowing it's salted too. Safety above all!
Looking forward to doing some cryptography within the platform.

Regards,
Miguel Vieira
Hi, I have a mobile app in which I want to verify if the user/pass is valid by logging in on the platform. But I don't want to pass the password in plain text. Can you provide me a way to do this? Thx all.
@Rogério

Maybe something like this:
http://caligatio.github.io/jsSHA/
http://www.webtoolkit.info/javascript-sha256.html (this one looks a lot simpler, but only does SHA-256)

But you should use HTTPS. Always, not just in the login pages.

Thx Carlos! If I encrypt using SHA can I compare with the password's hash saved on the platform? Is this correct?
Rogério, from a security standpoint it's not in any way more secure to send the hash of the password instead of the password.

If you want to secure your login, you should really use HTTPS, as suggested by Carlos.

What Ricardo said. Sending either the password or the hash is pretty much the same, the only difference is that if you only ever receive a salted password on the server, you can deny any knowledge of the actual password. This can cause legal problems, so be careful with that.
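
The point made in the last replies, as an added example (not code from any poster in the thread or from the platform): a client-side SHA-256 digest cannot be compared with a salted server-side hash, and a server that does accept the digest treats it as the password. Assumptions: Node.js `crypto`, scrypt standing in for the platform's salted MD5 (whose salt and format the thread does not give), and a constructed sample password.

```javascript
const crypto = require("crypto");

// Constructed sample data: the password below is made up for this example.
const PASSWORD = "correct horse battery";

const sha256Hex = (s) => crypto.createHash("sha256").update(s).digest("hex");

// Scheme A (what the thread recommends): the password travels inside HTTPS and
// the server keeps a per-user salt plus a slow salted hash (scrypt here,
// swapped in for the platform's salted MD5).
function makeRecord(password) {
  const salt = crypto.randomBytes(16);
  return { salt, hash: crypto.scryptSync(password, salt, 32) };
}
function verifyPassword(record, submitted) {
  const candidate = crypto.scryptSync(submitted, record.salt, 32);
  return crypto.timingSafeEqual(candidate, record.hash);
}

// Scheme B (the proposal in the question): the app sends SHA-256(password)
// and the server compares it with a stored copy of that digest.
function makeClientHashRecord(password) {
  return { digest: Buffer.from(sha256Hex(password), "hex") };
}
function verifyClientHash(record, submittedHex) {
  const submitted = Buffer.from(submittedHex, "hex");
  return submitted.length === record.digest.length &&
    crypto.timingSafeEqual(submitted, record.digest);
}

function demo() {
  const recordA = makeRecord(PASSWORD);
  const recordB = makeClientHashRecord(PASSWORD);
  const onTheWire = sha256Hex(PASSWORD); // the value scheme B transmits
  return {
    // An unsalted client digest never equals the salted server-side hash.
    clientDigestMatchesSaltedHash: Buffer.from(onTheWire, "hex").equals(recordA.hash),
    // Scheme B accepts the transmitted value itself, so it is the credential.
    replayedDigestAccepted: verifyClientHash(recordB, onTheWire),
    // Scheme A accepts only the password, not a digest of it.
    digestAcceptedAsPassword: verifyPassword(recordA, onTheWire),
    passwordAccepted: verifyPassword(recordA, PASSWORD),
  };
}

console.log(demo());
```

In scheme B the digest needs the same transport protection as a plaintext password, which is why HTTPS is the actual fix.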