RE: Alternatives to storing a user's password in your database

Author: Tracy Pearson

Posted: 2011-12-20 at 17:26:00

MB Software Solutions, LLC wrote on 2011-12-20:

> As you might have seen from a previous thread, I was looking at using

> the checksum via SYS(2007) or Craig Boyd's CRC() function (from his

> vfpencryption71.fll) to store the person's password. I've never liked

> saving the actual password in the database.

>

> Is anyone else here doing something similar and can comment on what they

> use/do?

>

> Thanks,

> --Mike

Mike,

It has been discussed around here. Several ideas came up. One that makes

since to me:

CRC(Password + Seed)

Another one was

CRC(SeedFunction(CRC(Password)))

Yeah, crazy. Depending on the first or last character of the CRC of the

password start a random number generator to get addition characters at a

predetermined length. Something about the possibility of different machines

might generate different random numbers.

Tracy Pearson

PowerChurch Software

_______________________________________________

Post Messages to: ProFox@leafe.com

Subscription Maintenance: http://leafe.com/mailman/listinfo/profox

OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech

Searchable Archive: http://leafe.com/archives/search/profox

This message: http://leafe.com/archives/byMID/profox/001801ccbf66$5a46caa0$0ed45fe0$@powerchurch.com

** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.

©2011 Tracy Pearson