Re: Alternatives to storing a user's password in your database

Author: Christof Wollenhaupt

Posted: 2011-12-21 at 00:41:17

If you use CRC functions you should salt the value. That is adding a few

application specific characters before or after the password, then passing

the result to SYS(2007) - or whatever else. Adding more sophisticated

functions to calculate the hash value would be possible but not add

security value. Once you went beyond storing the password, the application

(with code injection) becomes the weakest link, not cracking a password.

--

Christof

--- StripMime Report -- processed MIME parts ---

multipart/alternative

text/plain (text body -- kept)

text/html

---

_______________________________________________

Post Messages to: ProFox@leafe.com

Subscription Maintenance: http://leafe.com/mailman/listinfo/profox

OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech

Searchable Archive: http://leafe.com/archives/search/profox

This message: http://leafe.com/archives/byMID/profox/CAL4QJhhGmUFzwcOK=bG5ptLrLP-XPB6--ObkZTBG5wgJ1fk1Ew@mail.gmail.com

** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.

©2011 Christof Wollenhaupt