Re: Alternatives to storing a user's password in your database

Author: Ed Leafe

Posted: 2011-12-20 at 17:35:29

On Dec 20, 2011, at 4:25 PM, MB Software Solutions, LLC wrote:

> That's what I'm attempting to do....but with a checksum. So I should

> use the HASH() function instead and store the 64 byte character string

> instead of the 10 digit # generated from the checksum?

Depends on what you're using to generate the checksum. With only 10 digits it sounds like a high probability of collision. Also, how different would the checksums for 'aaaaaaaa' and 'aaaaaaab' be?

I used to use MD5 hash algorithms, but those are considered broken by security experts, so I switched to the SHA-2 hashes.

-- Ed Leafe

_______________________________________________

Post Messages to: ProFox@leafe.com

Subscription Maintenance: http://leafe.com/mailman/listinfo/profox

OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech

Searchable Archive: http://leafe.com/archives/search/profox

This message: http://leafe.com/archives/byMID/profox/D420687B-2CC7-4B1C-B672-7FDEB74CC31A@leafe.com

** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.

©2011 Ed Leafe