Re: Hashed PW's more secure than encrypted PW's?
From: Mike Delaney (mdelan@computer.org)Date: 06/14/02
- Next message: sakky: "Re: Hashed PW's more secure than encrypted PW's?"
- Previous message: Bruno Wolff III: "Re: Hashed PW's more secure than encrypted PW's?"
- In reply to: sakky: "Hashed PW's more secure than encrypted PW's?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Mike Delaney <mdelan@computer.org> Date: Fri, 14 Jun 2002 14:36:37 -0500
On Fri, 14 Jun 2002 19:13:30 GMT in <ufrO8.34200$nZ3.6595@rwcrnsc53>,
sakhalinrf@hotmail.com said something similar to:
:
: So it seems to me that hashing the passwords is no more secure than just
: encrypting the passwords. In either case, it seems to me that the level of
: security would boil down to, in the case of encryption, the length of the
: key, and in the case of hashing, the length of the password. Yet all the
: literature I have read has emphatically stated that hashing the passwords is
: better than encrypting them. What am I missing here?
The fact that in order to encrypt rather than hash the passwords, the
key itself has to be stored somewhere. Find the key, and you can
decrypt the passwords.
-- Mike Delaney <mdelan@computer.org> "...Microsoft follows standards. In much the same manner that fish follow migrating caribou." "Now I have this image in my mind of a fish embracing and extending a caribou." -- Paul Tomblin and Christian Bauernfeind in the SDM
- Next message: sakky: "Re: Hashed PW's more secure than encrypted PW's?"
- Previous message: Bruno Wolff III: "Re: Hashed PW's more secure than encrypted PW's?"
- In reply to: sakky: "Hashed PW's more secure than encrypted PW's?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
