No, the article is good, you just can't understand my use case. Seems I'm too vague, sorry. But I can't go into more details, will try to find answers elsewhere.
Resetting passwords is just marking the password as deprecated and asking a user to change it without decryption (and resaving the hashed value in the DB). And I must decrypt and be able to do [password => hashed in DB => password].
That's not how hashes work.
Anyway if you have time I recommend reading how password storage is done in ASP.NET Identity. Looking at a concrete example might help.
Slava's asking how to securely store the user's password so that his app can then talk to another app as if it were that user. On that user's behalf.
Because the other app needs the user's password, he needs some way to store and retrieve the user's password.
It's tangential to the discussion here.
Slava, you need to look to see if this "other app" has some other way to allow users to delegate access. This is where OpenID and OAuth, etc., come in.
I use OAuth2 when possible, but it's not always the case. I have to support this old-school insecure way, so I'm trying to be less evil by searching for a way to improve the password storage.
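
Added example, not code from any commenter in this thread: a Node.js sketch of the distinction the discussion turns on, with a one-way hash for the app's own login passwords beside authenticated encryption for a third-party credential that has to be read back. The function names, the 32-byte `key` kept outside the database (for example in a KMS or secret store), and the use of `userId` as associated data are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Login passwords: one-way. Store salt + scrypt digest; there is no way back
// to the password, verification only recomputes and compares.
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const digest = crypto.scryptSync(password, salt, 32);
  return { salt: salt.toString('hex'), digest: digest.toString('hex') };
}

function verifyPassword(password, record) {
  const digest = crypto.scryptSync(password, Buffer.from(record.salt, 'hex'), 32);
  return crypto.timingSafeEqual(digest, Buffer.from(record.digest, 'hex'));
}

// Delegated credential: must be recoverable, so it is encrypted, not hashed.
// AES-256-GCM with a fresh 12-byte IV per record. `key` is assumed to live
// outside the database; a stolen DB dump alone then does not reveal the secret.
// `userId` is bound as associated data, so a row copied onto another user's
// record fails authentication instead of decrypting.
function sealCredential(key, userId, secret) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(String(userId)));
  const ct = Buffer.concat([cipher.update(secret, 'utf8'), cipher.final()]);
  return {
    iv: iv.toString('hex'),
    ct: ct.toString('hex'),
    tag: cipher.getAuthTag().toString('hex'),
  };
}

function openCredential(key, userId, row) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(row.iv, 'hex'));
  decipher.setAAD(Buffer.from(String(userId)));
  decipher.setAuthTag(Buffer.from(row.tag, 'hex'));
  // final() throws if the tag, ciphertext, IV, key or userId does not match.
  const pt = Buffer.concat([decipher.update(Buffer.from(row.ct, 'hex')), decipher.final()]);
  return pt.toString('utf8');
}
```
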