- February 8, 2017
- Posted by: user
- Category: Uncategorized
Random Salt Password Encryption Technique
[code:js]
/* Client Side */
function encryptPassword(){
var salt = #session.salt#;
var passField = document.getElementById(‘txtPassword’);
// Submit this password value while submitting form.
return md5(md5(passField.value) + salt);
}
[/code]
[code:cf]
/* Server Side */
<cfscript>
/* Get the user password from the database (already stored in md5 format) */
userPassword = queryUser.password;
local.salt = Session.salt;
// Check Salted Database Password With Submitted Password from the form
if( toBase64(userPassword&local.salt) eq form.userPassword )
{
//Authenticated.
}
else
{
// Invalid user
}
</cfscript>
[/code]
* Password In the database needs to be stored in md5(base64 encoding) format.
* md5() javascript functions are readily available on the internet.
* Any technique can be used for generation of Salt value.