Re: Secure storage of passwords or credit card data

2015-11-10 Thread Markus Ruggiero
Thanks all who responded. I got some great ideas. Just to make all of you feel better - I don't intend to store any CC numbers (just used it as an example) and I am fully aware that one should never ever store passwords but only some cryptographic hashes - and that was what I was looking for -

Re: Secure storage of passwords or credit card data

2015-11-09 Thread Ramsey Gurley
Hi Markus, As others have mentioned, don’t store CC data unless you really really have to. You make a system compromise so much worse if you’ve got CC stuff lying around. That said, there’s ERXCryptoString and the ERPrototype by the same name. For password hashing, the new state of the art is

Re: Secure storage of passwords or credit card data

2015-11-09 Thread Dennis Bliefernicht
Hi everyone, > On 08 Nov 2015, at 00:08, Mark Wardle wrote: > > I’m using http://www.jasypt.org Note that jasypt seems to use a default of "1000 times MD5" on the password, which depending on who you ask is not considered that secure anymore (still

Re: Secure storage of passwords or credit card data

2015-11-07 Thread Mark Wardle
I’m using http://www.jasypt.org I have a property such as encryptedPassword and then write code like this: public void setPassword(String newPassword) { BasicPasswordEncryptor passwordEncryptor = new BasicPasswordEncryptor();

Re: Secure storage of passwords or credit card data

2015-11-04 Thread Ray Kiddy
On Wed, 04 Nov 2015 10:40:49 +0100 Markus Ruggiero wrote: > Folks, > > another quick question: what are you using for secure storage of > passowords and credit card data in a Wonder app? Is there anything in > Wonder (probably there is, but it is not always easy to

Secure storage of passwords or credit card data

2015-11-04 Thread Markus Ruggiero
Folks, another quick question: what are you using for secure storage of passowords and credit card data in a Wonder app? Is there anything in Wonder (probably there is, but it is not always easy to find things), or are you using other things/libs/code? Any code examples? Thanks for any hint /

Re: Secure storage of passwords or credit card data

2015-11-04 Thread Fabian Peters
Hi Markus, To generate password hashes, there's er.extensions.crypting.Bcrypt. IMHO you shouldn't have to store credit card data these days, unless you work on a payment service provider system. Seamless integration is possible and payment service providers can also store customers' card data

Re: Secure storage of passwords or credit card data

2015-11-04 Thread Dennis Bliefernicht
Hi, > On 04 Nov 2015, at 10:40, Markus Ruggiero wrote: > > another quick question: what are you using for secure storage of passowords > and credit card data in a Wonder app? Is there anything in Wonder (probably > there is, but it is not always easy to find