jetlib.sec » Penetration Testing » RE: Validating if password is encoded or encrypted

Feeds

133326 items (0 unread) in 27 feeds

• 1337day (was: Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

Penetration Testing

• September 16, 2011
• 

  RE: Validating if password is encoded or encrypted

  Posted: September 16th, 2011, 9:54pm PDT

  Tags:   

  Posted by Maksim . Filenko on Sep 16

  Hey Karen,
  
  It is possible for passwords to be encrypted (i.e. with AES) and then
  encoded with Base64 before storing it in DB.
  
  What do you get after decoding those Base64 strings? Binary data?
  
  wbr,
  - Max
  
  ------------------------------------------------------------------------
  This list is sponsored by: Information Assurance Certification Review Board
  
  Prove to peers and potential employers without a doubt that you can actually do a proper...