I am considering creating my 开发者_JS百科own web based, multi user password management software.
The basic question that comes up is, what strategy will I use for secure storage and retrieval of passwords?
Obviously, I don't want to store information in clear text. Should I encrypt/decrypt on the database server, web server, client (javascript), or everywhere? Where will encryption keys live? Should I use a master password (pre shared key) for encryption/decryption?
Are there other questions that I should be asking myself?
I appreciate any suggestions.
A quick google search on "online password manager" revealed a number of results, including:
http://www.clipperz.com/
Can't comment to the quality of the site or their security, just responding to the first line of your post that says, "I am looking for web based, multi user password management software." It is certainly out there, and would save a lot of time versus building it yourself.
You should ask yourself "Can I, myself, obtain the actual password if I wanted to?". The answer should always be no. To achieve this, use a salted hash instead of encryption.
http://pbeblog.wordpress.com/2008/02/12/secure-hashes-in-php-using-salt/
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论