Jul-03-2017, 05:53 PM
This assignment is awful. Do you have an email address for the professor? I'd love to educate them on proper password usage.
Cliff notes:
- don't store passwords
- don't store encrypted passwords
- don't encrypt passwords
- don't print passwords
- use one-way hashing
The only legitimate use of storing passwords that can be decrypted is for a password manager, and even in that case, caesar is the wrong cipher to use. You'd need to use something that's actually cryptographically sound, like aes. Given an "encrypted" output from a caesar cipher, you can trivially find out what the original input is, meaning it's not really encrypted at all. It's only really useful if you want to physically write something down and for an acquaintance to be able to "decrypt" it with only needing a piece of paper and pen(cil).
"It's just a homework assignment" is also not a valid excuse for this nonsensical shit, either. Using words like "encryption" and "cipher" will make students believe that this is how things are Really Done, so after they're done with the class, they'll go and Really Do it out in the wild. If you want a toy assignment that doesn't cause future security issues, maybe just make a cron-like alarm that soft-encrypts the alert messages?
Cliff notes:
- don't store passwords
- don't store encrypted passwords
- don't encrypt passwords
- don't print passwords
- use one-way hashing
The only legitimate use of storing passwords that can be decrypted is for a password manager, and even in that case, caesar is the wrong cipher to use. You'd need to use something that's actually cryptographically sound, like aes. Given an "encrypted" output from a caesar cipher, you can trivially find out what the original input is, meaning it's not really encrypted at all. It's only really useful if you want to physically write something down and for an acquaintance to be able to "decrypt" it with only needing a piece of paper and pen(cil).
"It's just a homework assignment" is also not a valid excuse for this nonsensical shit, either. Using words like "encryption" and "cipher" will make students believe that this is how things are Really Done, so after they're done with the class, they'll go and Really Do it out in the wild. If you want a toy assignment that doesn't cause future security issues, maybe just make a cron-like alarm that soft-encrypts the alert messages?
