Nishant Nawarkhede
Reputation: 8400
Password encryption and decryption in Google app engine
How can I encrypt and decrypt a password in Google app engine without using third party libraries?
Any examples?
Upvotes: 1
Views: 1655
Answers (1)
Nick Johnson
Reputation: 101139
If you care about your users' security, you're going to have to use a third-party library of some sort, because the only way you should be storing passwords is securely hashed with PBKDF2, SCrypt, or BCrypt - for instance, using this module, which you can easily add to your application.
Note that you should never encrypt passwords (and thus, never decrypt them) - instead, algorithms like PBKDF2 use hashing so that you can check if a password is valid, but never recover the original password.
Upvotes: 11
Related Questions
- What is the workflow to encrypt and access Google Application Credentials in Google's App Engine?
- Public-key encryption between Android and Google App Engine
- Is GAE Datastore encrypted?
- What is best algorithm for password encryption and decryption for android and web application in google app engine?
- App Engine: what are best practices for transmitting a password and storing it securely in Google App Engine?
- Google App Engine good way to send and store passwords
- Security in Android - Google app engine system
- How to protect a Google App Engine app with a password?
- Encrypting user data on App Engine
- Encrypt plain text password for GAE <> Android communication