Author: MB Software Solutions, LLC
Posted: 2011-12-21 at 01:43:47
On 12/21/2011 12:41 AM, Christof Wollenhaupt wrote:
> If you use CRC functions you should salt the value. That is adding a few
> application specific characters before or after the password, then passing
> the result to SYS(2007) - or whatever else. Adding more sophisticated
> functions to calculate the hash value would be possible but not add
> security value. Once you went beyond storing the password, the application
> (with code injection) becomes the weakest link, not cracking a password.
>
That makes sense. Seems like me just getting and storing the CRC of
"<whatever prefix I choose here>" along with their password and then on
the login screen, comparing that same prefix + their entered password
against the stored value would be sufficient.
I see that approach as responsible. I'd like to hear someone give an
explanation as to why it wouldn't be (responsible).
Thanks,
--Mike
--
Mike Babcock, MCP
MB Software Solutions, LLC
President, Chief Software Architect
http://mbsoftwaresolutions.com
_______________________________________________
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://leafe.com/mailman/listinfo/profox
OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: http://leafe.com/archives/byMID/profox/4EF18023.2020603@mbsoftwaresolutions.com
** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.