Re: A question about passwords and login/authentication

From: Scott Gifford (sgifford_at_suspectclass.com)
Date: 03/16/05

  • Next message: abend: "Apache+PHP+ftp security"
    To: Steffen Kluge <kluge@fujitsu.com.au>
    Date: Wed, 16 Mar 2005 12:05:57 -0500
    
    

    Steffen Kluge <kluge@fujitsu.com.au> writes:

    > On Tue, 2005-03-15 at 14:53 +0100, Pavol Luptak wrote:
    >> Try blowfish instead of MD5
    >
    > I feel a bit uneasy about using symmetric ciphers (like DES or blowfish)
    > for password encryption. I'm not a crypto guy, but doesn't this bring
    > about the whole bloody key management can of worms?

    Traditional Unix passwords encrypt a constant string using the
    password as the key, effectively turning a symmetric cipher into a
    one-way hash.

    ----ScottG.
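
The construction described in the reply above, as an added example that is not part of the original post: the password is used as the cipher key to encrypt a constant all-zero block 25 times, so no separate key exists to manage. XTEA stands in for the modified DES of traditional crypt(3), and the salt mixing, the 16-byte key size, the output format and the names `password_hash` and `verify` are assumptions made for illustration.

```python
import hmac
import struct

MASK, DELTA = 0xFFFFFFFF, 0x9E3779B9

def xtea_encrypt(key: bytes, block: bytes, rounds: int = 32) -> bytes:
    """Encrypt one 8-byte block with XTEA under a 16-byte key."""
    k = struct.unpack(">4I", key)
    v0, v1 = struct.unpack(">2I", block)
    total = 0
    for _ in range(rounds):
        v0 = (v0 + ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (total + k[total & 3]))) & MASK
        total = (total + DELTA) & MASK
        v1 = (v1 + ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (total + k[(total >> 11) & 3]))) & MASK
    return struct.pack(">2I", v0, v1)

def password_hash(password: str, salt: bytes, iterations: int = 25) -> str:
    """Hypothetical crypt(3)-style hash: the password is the cipher key."""
    if len(salt) != 2:
        raise ValueError("salt must be 2 bytes")
    # The password becomes the key; bytes past the key size are ignored,
    # just as traditional crypt(3) ignores characters after the eighth.
    key = password.encode("utf-8")[:16].ljust(16, b"\0")
    salt_block = salt.ljust(8, b"\0")
    block = bytes(8)  # the constant plaintext: all zeros
    for _ in range(iterations):
        # Assumption: XORing the salt in stands in for crypt(3)'s salted DES.
        mixed = bytes(a ^ b for a, b in zip(block, salt_block))
        block = xtea_encrypt(key, mixed)
    return salt.hex() + "$" + block.hex()

def verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt; nothing is ever decrypted."""
    salt = bytes.fromhex(stored.split("$", 1)[0])
    return hmac.compare_digest(password_hash(password, salt), stored)

if __name__ == "__main__":
    stored = password_hash("correct horse", b"\x4a\x2f")  # constructed sample
    print(stored, verify("correct horse", stored), verify("wrong", stored))
```

Because the key has a fixed size, two passwords that agree in their first 16 bytes produce the same hash here, the same truncation weakness that traditional crypt(3) has at eight characters.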

