RE: Alternatives to storing a user's password in your database

Author: John Weller

Posted: 2011-12-20 at 17:17:30

I have a routine which pads the password to a fixed length of, say, 20

characters with a standard string of punctuation. I then take the ASCII

value of the first character and use it as a seed for a RAND() function. I

take the resulting fraction and multiply it by the ASCII value of the second

character then take the integer value and use it as the seed for another

RAND() repeating until the end of the string is reached. The final fraction

is then multiplied by 10,000,000 and the integer stored. When a user enters

their password I repeat the process and compare the result with the stored

value. I defy anyone to recover the password from the stored value :-).

If you want the code let me know.

John Weller

01380 723235

07976 393631

>

> Is anyone else here doing something similar and can comment on what they

> use/do?

>

_______________________________________________

Post Messages to: ProFox@leafe.com

Subscription Maintenance: http://leafe.com/mailman/listinfo/profox

OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech

Searchable Archive: http://leafe.com/archives/search/profox

This message: http://leafe.com/archives/byMID/profox/006c01ccbf65$2b5d2af0$821780d0$@co.uk

** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.

©2011 John Weller