in reply to Ecrypting passwords
You are on the right path. For a basic one-way encryption you can take the password, append to it some standard text that is part of your algorithm, append some salt that varies per user, and then take an MD5 hash of that. Store the MD5 hash.
Given a password, if the same procedure yields the signature that you stored, then the passwords matched.
There probably is something more secure than this, but this is enough that your remaining security problems are more likely to be elsewhere - possibly plaintext passwords sent over the wire, people with bad passwords, people reusing passwords, people who can be social engineered...
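The procedure from the post above, as an added example that is not part of the original post or thread. The `md5` scheme follows the post's recipe. The `pbkdf2` scheme and the upgrade-at-login step go beyond the post, as one option for the "something more secure" it mentions. `STANDARD_TEXT`, `PBKDF2_ROUNDS`, the record layout and the function names are all assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

STANDARD_TEXT = b"example-app-constant"  # constructed; the post's "standard text"
PBKDF2_ROUNDS = 600_000                  # assumed work factor, tune for your hardware


def _digest(scheme: str, password: str, salt: bytes) -> bytes:
    material = password.encode("utf-8") + STANDARD_TEXT
    if scheme == "md5":      # the post's recipe: MD5(password + text + salt)
        return hashlib.md5(material + salt).digest()
    if scheme == "pbkdf2":   # added alternative: deliberately slow KDF
        return hashlib.pbkdf2_hmac("sha256", material, salt, PBKDF2_ROUNDS)
    raise ValueError(f"unknown scheme {scheme!r}")


def enroll(password: str, scheme: str = "pbkdf2") -> dict:
    """Build the record to store: scheme, per-user salt, hash. Never the password."""
    salt = secrets.token_bytes(16)
    return {"scheme": scheme, "salt": salt.hex(),
            "hash": _digest(scheme, password, salt).hex()}


def verify(password: str, record: dict):
    """Repeat the procedure and compare; returns (matched, record_to_store)."""
    salt = bytes.fromhex(record["salt"])
    candidate = _digest(record["scheme"], password, salt).hex()
    # compare_digest avoids leaking the mismatch position through timing
    if not hmac.compare_digest(candidate, record["hash"]):
        return False, record
    if record["scheme"] != "pbkdf2":
        # Only at login is the plaintext available, so upgrade legacy rows here
        return True, enroll(password, "pbkdf2")
    return True, record


if __name__ == "__main__":
    alice = enroll("correct horse", "md5")   # constructed sample users
    bob = enroll("correct horse", "md5")
    print(alice["hash"] != bob["hash"])      # same password, different salts
    print(verify("wrong guess", alice)[0])
    ok, upgraded = verify("correct horse", alice)
    print(ok, upgraded["scheme"])
```
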
Re: Re: Ecrypting passwords
by sgifford (Prior) on Oct 06, 2003 at 01:35 UTC