Felix Samy
2010-Oct-06 08:09 UTC
Good idea to send encrypted password with activation link
Is this good idea to send activation link with encrypted password -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Ar Chron
2010-Oct-06 12:41 UTC
Re: Good idea to send encrypted password with activation link
Felix Samy wrote:> Is this good idea to send activation link with encrypted passwordWhy would you want to send the encrypted password anywhere? -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
radhames brito
2010-Oct-06 12:50 UTC
Re: Re: Good idea to send encrypted password with activation link
On Wed, Oct 6, 2010 at 8:41 AM, Ar Chron <lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:> Felix Samy wrote: > > Is this good idea to send activation link with encrypted password >then encrypted password? For what?? -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
David Kahn
2010-Oct-06 14:32 UTC
Re: Re: Good idea to send encrypted password with activation link
I recently started with Authlogic and it specifically uses a specifically generated temporary token for such so that it is not necessary to send an encrypted password or anything else. I think in general security wise if you are using encryption that you dont want a lot of your encrypted data floating around as given a large enough sample available publicaly theoretically it could be possible to determine your encryption keys. David On Wed, Oct 6, 2010 at 7:50 AM, radhames brito <rbritom-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> > > On Wed, Oct 6, 2010 at 8:41 AM, Ar Chron <lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote: > >> Felix Samy wrote: >> > Is this good idea to send activation link with encrypted password >> > then encrypted password? > For what?? > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to > rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org<rubyonrails-talk%2Bunsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org> > . > For more options, visit this group at > http://groups.google.com/group/rubyonrails-talk?hl=en. >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
David Kahn
2010-Oct-06 14:36 UTC
Re: Re: Good idea to send encrypted password with activation link
PS, this is the authlogic explanation. Their point is that the token expires, as unless you put in other safeguards if the encrypted password might be able to be used again, for security purposes it really should be reset. I think my prev explanation is probably highly unlikely. http://rdoc.info/github/binarylogic/authlogic/master/Authlogic/ActsAsAuthentic/PerishableToken On Wed, Oct 6, 2010 at 9:32 AM, David Kahn <dk-rfEMNHKVqOwNic7Bib+Ti1W1rNmOCjRP@public.gmane.org>wrote:> I recently started with Authlogic and it specifically uses a specifically > generated temporary token for such so that it is not necessary to send an > encrypted password or anything else. I think in general security wise if you > are using encryption that you dont want a lot of your encrypted data > floating around as given a large enough sample available publicaly > theoretically it could be possible to determine your encryption keys. > > David > > > On Wed, Oct 6, 2010 at 7:50 AM, radhames brito <rbritom-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > >> >> >> On Wed, Oct 6, 2010 at 8:41 AM, Ar Chron <lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote: >> >>> Felix Samy wrote: >>> > Is this good idea to send activation link with encrypted password >>> >> then encrypted password? >> For what?? >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ruby on Rails: Talk" group. >> To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org >> To unsubscribe from this group, send email to >> rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org<rubyonrails-talk%2Bunsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org> >> . >> For more options, visit this group at >> http://groups.google.com/group/rubyonrails-talk?hl=en. >> > >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.