I am working with site that is done with WordPress, and I need to add some parts that are outside WP, and to check user login, Logging users outside WP. I tried with md5 of password but it’s not… I tried this code: require_once( ‘wp-includes/class-phpass.php’ ); $wp_hasher = new PasswordHash( 8, TRUE ); $password = … Read more
I see a lot of confusion between hashes and encryption algorithms and I would like to hear some more expert advice about: When to use hashes vs encryptions What makes a hash or encryption algorithm different (from a theoretical/mathematical level) i.e. what makes hashes irreversible (without aid of a rainbow tree) Here are some similar … Read more
Which of them are preferred in which circumstances? I’d like to see the list of evaluation crtieria for the various modes, and maybe a discussion of the applicability of each criterion. For example, I think one of the criteria is “size of the code” for encryption and decryption, which is important for micro-code embedded systems, … Read more
When installing a fresh wordpress, one of the things one should do is, updating the salts in wp-config.php. The section looks like this define(‘AUTH_KEY’, ‘put your unique phrase here’); define(‘SECURE_AUTH_KEY’, ‘put your unique phrase here’); define(‘LOGGED_IN_KEY’, ‘put your unique phrase here’); define(‘NONCE_KEY’, ‘put your unique phrase here’); define(‘AUTH_SALT’, ‘put your unique phrase here’); define(‘SECURE_AUTH_SALT’, ‘put … Read more
This question already has answers here: Closed 10 years ago. Possible Duplicate: How to validate WordPress generated password in DB using PHP? I am working with site that is done with WordPress, and I need to add some parts that are outside WP, and to check user login, but I can’t find how WP is … Read more
When sending data over HTTPS, I know the content is encrypted, however I hear mixed answers about whether the headers are encrypted, or how much of the header is encrypted. How much of HTTPS headers are encrypted? Including GET/POST request URLs, Cookies, etc. 9 s 9
I’m currently developing a plugin and the chances are that I will more than likely release it on the public plugin repository so others can use it. The plugin will be using an API and to use this API you need to pass a username and password. So my plugin needs to store these login … Read more
If you try to decrypt PKCS5-padded data with the wrong key, and then unpad it (which is done by the Cipher class automatically), you most likely will get the BadPaddingException (with probably of slightly less than 255/256, around 99.61%), because the padding has a special structure which is validated during unpad and very few keys … Read more
Once I have a list of providers, as described in JB Nizet’s post, I still don’t have a list of algorithms. I found that each Provider functions as a Properties object, and the Properties encode the algorithm names. I’m not entirely clear on if this is the correct way to look for them or not, … Read more
A simple way of doing this is to use Password Based Encryption in Java. This allows you to encrypt and decrypt a text by using a password. This basically means initializing a javax.crypto.Cipher with algorithm “AES/CBC/PKCS5Padding” and getting a key from javax.crypto.SecretKeyFactory with the “PBKDF2WithHmacSHA512” algorithm. Here is a code example (updated to replace the less secure MD5-based variant): import java.io.IOException; import java.io.UnsupportedEncodingException; … Read more
