close ad
Install the LAtest Updates to Work with CC 2017 and CC 2018
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

Sha1

Thread began 9/03/2010 6:19 pm by mr hankey | Last modified 9/04/2010 6:49 pm by anonymous | 901 views | 4 replies |

mr hankey

Sha1

Hi,

Currently security assist uses sha1 hashing, i have read around that there are better hashing methods out there such as sha512 etc.

will security assist be updating to this and is sha1 secure enough to use for now?

many thanks

Sign in to reply to this post

Jason ByrnesWebAssist

there are currently no plans to include any different hash algorithms in future versions of security assist, but you can post a request in the wishlist forum to have this taken into consideration.

the only real difference between an sha1 encrypted string and sha512 is the length.

sha512 is 129 characters long versus 40 characters.

both are one way encryption algorithms, meaning they cannot be decrypted.

sha1 is secure enough.

Sign in to reply to this post

mr hankey

thanks jason, just wanted to clarify the difference.

but if sha1 is secure enough, then happy with that.

thanks again for the response

Sign in to reply to this post

danielsebas

I don't find SHA options

This post has been deleted.

danielsebas

I don't find SHA options

Hi I have all the extensions of webassist, but not all are working as they should, for example I've read in this forum about the sha algorithm but how do I activate it when I use the security assist wizzard? Becuase when I finish the wizzard, and then I register the password is not encrypted, also I discovered that when you use a template in the wizzard all the files are missed placed in the site.

Sign in to reply to this post

anonymous

Daniel,

There has been a bug that was discovered by the WA team and few of us users where we found that the Security Assist folder gets added outside the root html folder. I think Jason said they were working on discovering what was causing it but it was still not known as of a few days ago. To fix, you just have to move the folder into your main HTML folder.

To use SHA1, you just need to apply it -- it's not something you activate.

To apply it, just go to your insert record behavior on your registration page. When you open the behavior, you can click next to assign the values from your form to the correct database column. You will also see "formatting". So you would go down to your password column, select the lightning bolt and select the password form input field if it is not already there... then select the formatting drop down and click on WebAssist SHA1 Encryption.

You will also need to change your login form to apply SHA1 to the password BEFORE it compares it to the value in the database. That way, your comparing the SHA1 encrypted entry against the SHA1 encrypted database field.

But remember, you will also need to change your password retrieval system as well. Once a password is encrypted with SHA1, you won't be able to decrypt and send it back to someone if they forget. So, when a user forgets their password and clicks "Forgot Password", you will actually need to create a whole new temporary password (which you can email back to them before it gets encrypted) and then they will be able to login with the new one and change their password to whatever they like.

Here is a great video tutorial on the whole process: securityassist/

Go to Solution Recipes and click on "Modifying Registration".

Best regards,

Brian

Sign in to reply to this post

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...