The best encryption system?

Twinkie

As far as I know, there are two "practical" ways to steal passwords: network sniffing and hacking the database. Hashing and using methods like the challenge-response system are meant to stop this possibility, but is there a way to secure both the client and the server equally? Salting a hashed database means that you cannot salt the submitted password with JavaScript and make a valid comparison. Salting with JavaScript means that you must store unsalted hashes in the database. Any unsalted hash is subject to a brute force attack, with a reasonable success rate for weak passwords. Is there an encryption system to not sacrifice security at either end?

Steeevoe

If a hacker wants your passwords, he will get 'em! I'm sure most out there want easy targets to hack just for fun.

Use a salt that changes for every user that no one knows or can easily guess (not the username!), and has no iteration.

You could hold the salt you are using in its normal state in your database. When the person logs in it has to be encrypted to its usable form with a small script. You could use MD5 in that script but keeping to one encryption technique does not increase complexity of things.

Do some old types of encryption like reversing every 5 out of 10 blocks of text, affine shift all the letters and increase all the numbers by 3, or even use one of the parts of your webpage to use as a one-time-pad to encrypt the text. As long as the salt stored in the db is like ten letters of an MD5(date());

The best encryption method is one that no one ever has thought of and that no one knows about!
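The trade-off raised in the opening question, worked through as an added example (not code from either post): the server keeps a per-user random salt and a salted slow hash, sends the salt plus a fresh nonce, and the client returns an HMAC of the nonce keyed with that same salted hash. All function names, the iteration count and the sample passwords are assumptions made for this sketch; `client_login` stands in for what the browser script would compute.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor for this example

def derive_key(password: str, salt: bytes) -> bytes:
    """Slow salted hash; run by the server at registration and by the client at login."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def register(password: str) -> dict:
    """Server side: build the database record. The plaintext password is not stored."""
    salt = secrets.token_bytes(16)  # random and unique per user; it does not need to be secret
    return {"salt": salt, "key": derive_key(password, salt)}

def new_challenge(record: dict) -> tuple:
    """Server side: hand the client the user's salt and a fresh single-use nonce."""
    return record["salt"], secrets.token_bytes(16)

def respond(key: bytes, nonce: bytes) -> bytes:
    """Keyed hash of the nonce; this is the only login value that crosses the network."""
    return hmac.new(key, nonce, hashlib.sha256).digest()

def client_login(password: str, salt: bytes, nonce: bytes) -> bytes:
    """Client side: re-derive the salted key from the typed password, then answer the nonce."""
    return respond(derive_key(password, salt), nonce)

def server_verify(record: dict, nonce: bytes, response: bytes) -> bool:
    """Server side: recompute from the stored key and compare in constant time."""
    return hmac.compare_digest(respond(record["key"], nonce), response)

def demo() -> dict:
    record = register("correct horse")  # constructed sample password
    salt, nonce = new_challenge(record)
    good = client_login("correct horse", salt, nonce)
    _, later_nonce = new_challenge(record)  # a second login attempt gets a new nonce
    return {
        "valid_login": server_verify(record, nonce, good),
        "wrong_password": server_verify(record, nonce, client_login("guess", salt, nonce)),
        "replayed_response": server_verify(record, later_nonce, good),
    }

if __name__ == "__main__":
    print(demo())
```

The comparison works with a salted database and a sniffed response cannot be replayed, but the stored key is itself enough to answer a challenge, so a database leak still permits login until passwords are reset. SCRAM (RFC 5802) closes that gap by storing only a hash of the client's key, and TLS remains the usual protection for the wire.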