Linchakin

Store API Credentials Safely: Obfuscation Before Encryption is Key

 October 03, 2021     No comments   

October 3rd 2021 new story
Open TLDR

The challenge is that we can’t use hashing, as we would do for user passwords. We need the credentials to access the API, hence we need to reveal them upon retrieval from store. Encryption alone has its risks, however. In the simplest case, a mindless user chooses the word ‘*password* for the password and suddenly the potential hacker may have an easier task because they only need to try until *password* is revealed. One solution is to obfuscate the credentials characters among a larger string — like spreading some pepper in a plate.

image
Miguel Hacker Noon profile picture

@zapaloteMiguel

Scientist by training, creative spirit by choice.

github social icon
Miguel Hacker Noon profile picture
by Miguel @zapalote. Scientist by training, creative spirit by choice.Read my stories
Anvil

The paperwork API that scales with your tech stack.

Related Stories

Subject Matter
ATT&CK vs. D3FEND - Get Everyone On the Same Page by @z3nch4n
#cybersecurity
GraphQL vs REST: How To Choose One Over The Other by @yaf
#graphql
The All-Purpose Programmer: Episode 1 - "Hello World" by @halexmorph
#php
Learn the Blockchain Basics - Part 9: Blockchain Around the World by @mickey-maler
#bitcoin

Tags

#api#encryption#security#credentials#api-credential-safety#obfuscate-api-credential#encrypt-api-credential#hackernoon-top-story
Join Hacker Noon

Create your free account to unlock your custom reading experience.

Adblock test (Why?)


You may be interested in:
>> Is a Chromebook worth replacing a Windows laptop?
>> Find out in detail the outstanding features of Google Pixel 4a
>> Top 7 best earbuds you should not miss

Related Posts:
>> Recognizing 12 Basic Body Shapes To Choose Better Clothes
>>Ranking the 10 most used smart technology devices
>> Top 5+ Best E-readers: Compact & Convenient Pen
  • Share This:  
  •  Facebook
  •  Twitter
  •  Google+
  •  Stumble
  •  Digg
Email ThisBlogThis!Share to XShare to Facebook

Related Posts:

  • EditorJust as in past decades when cash drawers and bank vaults were targeted for theft, today’s e-shops and online banks have fallen under the scope of cyb… Read More
  • Lansweeper 9.0.30.1 Crack Mac + Serial Key Full Download 2022 Table of Contents Lansweeper 9.0.30.1 Crack Mac + Product Key Full Download 2022 Lansweeper 9.0.30.1 Crack is a program through which the man… Read More
  • Best AMD Motherboards: October 2021 Here’s the latest update to our list of recommended AMD motherboards in our series of motherboard buyers guides. All numbers in the text are updated… Read More
  • Week in security with Tony Anscombe ESET discovers Wslink – Why secure-by-design is a must – Staying cybersecure this Halloween and beyond – Operation Dark HunTOR In this edition of W… Read More
  • OWC Envoy Pro Elektron Rugged IP67 Portable SSD Review The market for portable SSDs has expanded significantly over the past few years. With USB 3.2 Gen 2 (10 Gbps) becoming the de-facto standard for USB… Read More
Newer Post Older Post Home

0 Comments:

Post a Comment


Copyright © 2025 Linchakin | Powered by Blogger
Design by Hardeep Asrani | Blogger Theme by NewBloggerThemes.com | Distributed By Gooyaabi Templates