Re: Alternatives to storing a user's password in your database

Author: MB Software Solutions, LLC

Posted: 2011-12-20 at 22:04:33

On 12/20/2011 5:35 PM, Ed Leafe wrote:

> On Dec 20, 2011, at 4:25 PM, MB Software Solutions, LLC wrote:

>

>> That's what I'm attempting to do....but with a checksum. So I should

>> use the HASH() function instead and store the 64 byte character string

>> instead of the 10 digit # generated from the checksum?

>

> Depends on what you're using to generate the checksum. With only 10 digits it sounds like a high probability of collision. Also, how different would the checksums for 'aaaaaaaa' and 'aaaaaaab' be?

>

> I used to use MD5 hash algorithms, but those are considered broken by security experts, so I switched to the SHA-2 hashes.

Craig's site lists these options for the HASH:

1 = SHA1 (a.k.a SHA160)

2 = SHA256

3 = SHA384

4 = SHA512 *Default

5 = MD5

6 = RIPEMD128

7 = RIPEMD160

So your SHA-2 is most likely like #4, SHA512? So I store the 128 byte

result?

--

Mike Babcock, MCP

MB Software Solutions, LLC

President, Chief Software Architect

http://mbsoftwaresolutions.com

http://fabmate.com

http://twitter.com/mbabcock16

_______________________________________________

Post Messages to: ProFox@leafe.com

Subscription Maintenance: http://leafe.com/mailman/listinfo/profox

OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech

Searchable Archive: http://leafe.com/archives/search/profox

This message: http://leafe.com/archives/byMID/profox/4EF14CC1.9050603@mbsoftwaresolutions.com

** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.

©2011 MB Software Solutions, LLC