php - Using password as part of encryption key in Mobile - Server communication -

-

I am currently working on a mobile app that has a web service developed in PHP. One thing we want to ensure is that the user data is safe in every way possible

After careful evaluation, we have decided to use all the things related to encryption. This is in addition to the HTTPS connection. The current process is of the following type (login example):

  1. The library on iOS uses a key to encrypt the password before sending it to the server.
  2. The server then stores it's encrypted password on the database.
  3. While re-ethnoboting, the app sends back the password (again encrypted with the steady key) and the server decrypts it (this means the server also has an encryption key), login Confirms and sends back the login key (encrypted with the same static key) to the client.
  4. The request for each request depends on the encrypted login and username for authentication of the validity of the username and login session.

    I believe the above system is inaccurate due to the STATIC encryption key and because the key is available on both the server and the client.

    What we need to do is by dynamically merge raw passwords with the STATIC encryption key by dynamic encryption keys. This will make the encryption key for each user, but this means that the server will not have any information about the key.

    Can anyone help me with this? It is important for the server to know that other user data will also be encrypted and decrypted based on this key. What steps should I take to make the system more secure? Any code snippet or specific reference link for the server-mobile customer will also. I know that there are so many tutorials, but most clients do not start the client based on the web and resume.

    PS: Sorry for such a long post.

    I would hardly use it to authenticate the OATH2 token, but if you do it in your own way Want ...

    A salty hash is used to secure the password. Consider the following as a basic example of a hashing password with salt, and keep in mind that it is not cryptographic safe.

    shAResult = SHA1 (16 bytes Random salt | "p @ Ssword ")

    Basics: The server stores shaResult Your app generated a salt value when the user types in their password, then you add it to the stored salt, Do the hash, and take it for verification They send it to the server. In fact it is no longer necessary to encrypt it on the server. The HTTPS connection should handle it.

    Good cryptographic password hashing has been briefly described in the description that they recommend using the following:

    1. Prepared the salt using cryptographic secure pseudo Should be - Random Number Generator (CSPRNG). Recommended CSPRNGs are provided in the link for many programming / scripting languages.
    2. Salt should be unique per-user per-password Every time a user creates an account or changes their password, the password must be washed using a new random salt. Do not reuse salt, salt should also be long, so that it is possible to be very salt. As a rule of thumb, at least make your salt as long as the output of the hash function should be kept with the hash in the user account table.
    3. Use a well-tested cryptographic hash algorithm, such as SHA256, SHA512, PEPMD, WHIRLPOOL, SHA3, etc.
    4. Use a slow hashing function that displays many iterations. Standard algorithms are included and.
    5. Use the key hashing algorithm.

      I repeat that the secure connection still needs to be used in conjunction with the above.

Comments

Post a Comment

Popular posts from this blog

ios - Adding an SKSpriteNode to SKScene from a child SKSpriteNode -

-
I have a SKScene where I am adding an SKSpriteNode I have subclassed the SKSpriteNode class to create this node. In the subclass I am defining some SKActions on Sprite. What do I want to do when the end of this phantom ends the SKAction sequence, then I add a new Prayer node to this scene. How is this possible. The following code is mine: The code for the sequence is that I'm running on the Scansprinitode subclass (TEMissileNode): - SKAction * moveDown = [SKAction moveToY: Self.position.y - 20 Duration: 0.2]; SKAction * animation = [SKAction animateWithTextures: textures timePerFrame: time / 7]; SKAction * moveMissileProjectile = [SKAction Moving: Pointoffscreen Term: Time]; SKAction * group = [SKAction group: @ [animation, movement projectile]]; SKAction * Sequence = [SKAction Sequence: @ [Hilldown, Group, [SKAction removalFromParent]]]; [Self run action: sequence]; From the main scene, I call those actions that execute these tasks TEMissileNode * missile = [tmissil...
Read more

Matlab transpose a table vector -

-
An embarrassing simple question seems to be, but how can I move a Matlab table vector? aTableT = aTable '; I tried a standard syntax for the simple interaction of a line vector to a line vector aTable : ATableT = reshape (aTable, 1, Height (aTable)); and aTableT = rot90 (aTable); According to the head, the last time table should work for table, see. However, I get this error code: Error type in using table / permit (line 396) Undefined function 'permute' for the input arguments. Error in rot 90 (line 29) b = magnitude (b, [2 1 3: ndims (a)]); NB: fliplr is not useful either pretty sure I have covered clear angles - any ideas? Thanks! Try changing your table into an array, move it, then back to a table In other words, try doing this: aTableArray = table2array (aTable); ATableT = array 2table (aTableArray. '); I have also read the document for rot90 , and it says that rot90 is definitely working for tables Do, and I find you...
Read more

c# - Textbox not clickable but editable -

-
I have a small form with 10 text boxes, I have set them in the correct tab order. I want them on my tab service I was wondering if there is a way to set the text box so that they can be selected for editing until they are tabbed. That is ... I do not want the end user to edit the text box to click on them, I just want to make them editable through tabu. this should do the trick public partial category poor text box: Text Box {Safe Override Zero WndProc (Ref: Message Message) {if (m.msg == (Int) WM.LBUTTONDOWN) {Return; // mount down events} base.WndProc (ref m); }} Window message enum can be found. How to do this without anherizing: text box : class EatMouseDown: netwindows {safe override zero WndProc (ref message message) {if (m.msg == (int) WM.LBUTTONDOWN) {return; } Base.WandProc (Ref M); }} Safe Override Zero Onload (EventEurge E) {base.OnLoad (e); How to do this without any part: left a clean part, whatever is important, this can be a buggy but it works R...
Read more