Re: Alternatives to storing a user's password in your database

Author: Gérard Lochon

Posted: 2011-12-21 at 18:00:58

From: "MB Software Solutions

>>> I defy anyone to recover the password from the stored value :-).

>>

>>

>> There is a big risk of collision using your method.

>> As the result set is composed of only 65128 different values,

>> it doesn't take a long time to input in the routine a string whose result

>> will be the same value as the stored one ...

> Are you saying that two different values could end up with the same

> resulting value from his algorithm?

Exactly.

You can enter 256**20 (1.461E+48) different strings, but only 65128

checksums are possible with this algorithm.

_______________________________________________

Post Messages to: ProFox@leafe.com

Subscription Maintenance: http://leafe.com/mailman/listinfo/profox

OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech

Searchable Archive: http://leafe.com/archives/search/profox

This message: http://leafe.com/archives/byMID/profox/FA198B9E95D84D3891FA434A349A2ABD@MuriellePC

** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.

©2011 Gérard Lochon