Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Protecting Passwords

Options
  • 01-12-2017 1:02pm
    #1
    anthonyjmaher
    Registered Users Posts: 2,022 ✭✭✭


    Hello everybody

    we are trying to keep passwords safe for all of the customers that we deal with. I don't like the online solutions like lastpass, as I would be worried about them being hacked. Plus it was cumbersome on the one site that we did have to use it with, so I would rather create an in house solution. what we are thinking is developing a custom hashing program. The idea is that we would keep a list of "simple" passwords for each of the sites. These passwords would be entered in to the custom app which would hash the password with a custom hashing algorithm.

    This would give us:
    - a means of keeping the passwords safe, yet still be able to keep a password list.
    - staff would only be able to use the password WITH the software. This would protect against any ex employee carry out an attack.
    - We could keep a (secret) manual printout of the algorithm, which could be manually calculated (in case the application was down).

    Any thoughts?


Comments

  • Options
    #2
    ED E
    Registered Users Posts: 36,167 ✭✭✭✭ED E


    Roll your own crypto is always a terrible idea.


  • Options
    #3
    anthonyjmaher
    Registered Users Posts: 2,022 ✭✭✭anthonyjmaher


    ED E wrote: »
    Roll your own crypto is always a terrible idea.

    I was gonna use a modification to the MD5 hash (which can be worked out with a small bit of know how).


Advertisement