Interesting question: First, I'd have to ask why you're implementing a password encryption program to begin with, instead of letting an operating system or application manage this bit of information. I assume you're asking in the context of writing the application that will manage the encryption code itself.
The general contemporary thinking in this regard is not to put passwords in code, but to use certificates, like Kerberos, or trust relationship information, like Federation SAML assertions, in the code since any hacker with enough time and energy can eventually crack an encrypted password.