You could store an access key (hashed, encrypted, etc) that you use to lookup the data's encryption key from a database or off the server and have the server end handle the security.
_____ From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of rmarples Sent: Tuesday, December 04, 2007 5:39 PM To: flexcoders@yahoogroups.com Subject: [flexcoders] Re: Local storage of password Hi Jeff - Thanks for the response. By the way, great podcast :) I will look into the encryption libraries that both you and William mentioned but I'm wondering how they handle the encryption key. I have a requirement that I can't store the encryption key in the source code as a string literal. I'm wondering if you or anybody else has ideas on how to handle this? Ryan --- In [EMAIL PROTECTED] <mailto:flexcoders%40yahoogroups.com> ups.com, Jeffry Houser <[EMAIL PROTECTED]> wrote: > > > Yes, MD5 is a hashing algorithm and it is unlikely you'd be able to > take a hash and get the original text (in a timely / efficient manner). > > There are a few AS3 encryption projects. ASCrypt3: > ascrypt3.riaforge.com and Crypto http://crypto. <http://crypto.hurlant.com/> hurlant.com/ > > Both of them have 2-way encryption algorithms you could use. AES > perhaps? That said, I worry about the security implications of storing > this type of authentication between application uses. > > rmarples wrote: > > > > > > Tracy - Isn't MD5 a hashing algorithm? Meaning I can only encrypt, not > > decrypt? I don't > > think this would work for this scenario would it? > > > > Ryan > > > > --- In [EMAIL PROTECTED] <mailto:flexcoders%40yahoogroups.com> ups.com <mailto:flexcoders%40yahoogroups.com>, > > "Tracy Spratt" <tspratt@> wrote: > > > > > > There is an MD5 library available for AS3 that I have used. > > > > > > > > > > > > Tracy > > > > > > > > > > > > ________________________________ > > > > > > From: [EMAIL PROTECTED] <mailto:flexcoders%40yahoogroups.com> ups.com > > <mailto:flexcoders%40yahoogroups.com> [mailto:[EMAIL PROTECTED] <mailto:flexcoders%40yahoogroups.com> ups.com > > <mailto:flexcoders%40yahoogroups.com>] On > > > Behalf Of rmarples > > > Sent: Monday, December 03, 2007 4:59 PM > > > To: [EMAIL PROTECTED] <mailto:flexcoders%40yahoogroups.com> ups.com <mailto:flexcoders%40yahoogroups.com> > > > Subject: [flexcoders] Local storage of password > > > > > > > > > > > > I have a requirement to take credentials used for an external web > > > service and cache them > > > locally so that the user need not re-type their password each time they > > > run the app. I can > > > easily store these credentials in a SharedObject (cookie) but I don't > > > want to store the > > > password in plain-text here. Does anybody have any recommendations on an > > > ecrypt/decrypt > > > mechanism I can use for this? Also I have a requirement that any key > > > used to encrypt can not > > > be stored in the source code as a string literal. > > > > > > Ryan > > > > > > > > > -- > Jeffry Houser, Technical Entrepreneur, Software Developer, Author, > Recording Engineer > AIM: Reboog711 | Phone: 1-203-379-0773 > -- > My Company: <http://www.dot- <http://www.dot-com-it.com> com-it.com> > My Podcast: <http://www.theflexs <http://www.theflexshow.com> how.com> > My Blog: <http://www.jeffryho <http://www.jeffryhouser.com> user.com> >
