Comments on: Small trick for seamless base64 password storage in django

By: Swizec

Swizec — Sun, 12 Jun 2011 21:19:00 +0000

This isn’t really about security per se, and it doesn’t really matter which reversible hashing or encryption you use, the point is the trick that makes its use seamless in django.

By: Miha Zidar

Miha Zidar — Sun, 12 Jun 2011 20:45:00 +0000

Dude, seriously?

What about all those reversible encryption methods, that are so much better than “base64″, which shouldn’t even be called an encryption method. All I see here is that you might need the plain password some time later (witch you shouldn’t even have), and encrypting that with base64 is a really really lame excuse for security.

There are many way better ways of doing things.

You should encode the data (in your case a password) with your own private password, and use that private password to decode the data. That way, if someone was able to get your database with all the passwords, those would still be useless, unless they got your private password, used to encode those. With base64 they would not need anything else from you, just plain data.

By: Swizec

Swizec — Thu, 15 Jul 2010 15:02:53 +0000

Some features just cannot be made with one-time access to third party API’s

By: Marko

Marko — Thu, 15 Jul 2010 10:04:32 +0000

There is no good reason to store passwords in clear. Ever. Reason for this is certainly not security through obscurity, because you can’t reverse a one-way hash function and a good one will make it really freaking difficult for you to guess the input.

I can understand, although not condone, one time access to import data from other service, but for that you don’t need to store passwords either.

Thanks for heads up about security of preona service