qt storing passwords in DB

Member's Online

m4r0v3r | # 1 | 2014-07-12, 14:26 | Report

so am trying to create a VNC client for sailfish, albeit badly, and saving multiple client entries in a DB, but how would I securely save a password. Would I hash it and then save it, but what about when I need to actually use it for logging in.

Or realistically is this not possible

pycage | # 2 | 2014-07-13, 08:49 | Report

Hashing is good if you don't ever need to use the actual password, but only compare it to what the user has entered. In your case, you need the password, though.
You could store it encrypted (e.g. with the Blowfish algorithm) on device.
Cargo Dock (https://github.com/pycage/cargodock) is an example of how Blowfish is used to encrypt passwords.

smoku | # 3 | 2014-07-13, 12:41 | Report

Encrypting with a hardcoded secret is no better than ROT13.
So you need some kind of password-wallet, secured with a password given by the user.

The Following User Says Thank You to smoku For This Useful Post:
sixwheeledbeast

nieldk | # 4 | 2014-07-13, 15:08 | Report

Originally Posted by smoku View Post

Encrypting with a hardcoded secret is no better than ROT13.
So you need some kind of password-wallet, secured with a password given by the user.

just salt the encryption key with a user PIN

The Following User Says Thank You to For This Useful Post:
pichlo