Menu
I am using require 'digest/sha1' to encrypt my password and save into database. During login I authenticate by matching the encrypted password saved in database and again encrypted the one use enter in password field. As of now everything works fine but now I want to do 'Forgot Password' functionality. To do this I need to decrypt the password which is saved in database to find original one. How to decrypt using digest/sha1?
Or does anyone know any algorithm which supports encryption & decryption as well?
I am using ruby on rails so I need Ruby way to accomplish it.
382
Using encryption in Rails 7 It works by declaring which attributes should be encrypted and seamlessly encrypting and decrypting them when needed. The encryption layer sits between the database and the application. The application will access unencrypted data, but the database will store it encrypted.
Laravel uses AES-256 and AES-128 encrypter, which uses Open SSL for encryption. All the values included in Laravel are signed using the protocol Message Authentication Code so that the underlying value cannot be tampered with once it is encrypted.
SHA1 is a one way function you can't reverse it.
This may be of interest re password resets: http://www.binarylogic.com/2008/11/16/tutorial-reset-passwords-with-authlogic/
If you want to do encryption/decryption then you should use something like AES. Once you start using encryption/decryption, however, you'll also have to start worrying about key management too.
Regarding your comment to the OP below - if you are going to to be storing CC info, I would advise you get a security person in who knows about crypto, key management etc and who also understands the relevant legal and regulatory aspects.
124
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
