Re: store a hashed password in database is the best practice?
Steve wrote:
I saw some postings saying to hash a password as the key,
and then encrypt it with the password.
The phrase: "to hash a password as the key" does not make any sense.
And it's not clear what you mean by "it" in the phrase: "encrypt it
with the password". You'll need to describe what you propose, more
clearly, before people can comment, IMHO.
HTH,
TC (MVP MSAccess)
http://tc2.atspace.com
.
Relevant Pages
- Re: Newbie Salt and Pass Phrase Question.
... Just start the program, enter your pass phrase, ... of saving a hash of the pass phrase hash with each member record, ... What if I I salt this hash? ... Don't encrypt the salt. ...
(sci.crypt) - Re: Newbie - Are You Sure Thats the Correct Pass Phrase?
... I'd like to save the user from a badly entered pass phrase, ... So you allow the user to enter data even if the passphrase is incorrect? ... So you use the same passphrase to encrypt the data? ... Is the hash of the passphrase ...
(sci.crypt) - RE: Can Kerberos be cracked??
... Subject: Can Kerberos be cracked?? ... If you were able to decrypt the timestamp ... As for your assumption about the hash being as good as the password, ... > encrypt the timestamp) still be susceptible to brute-force> using dictionary ...
(Focus-Microsoft) - RE: Can Kerberos be cracked??
... If you were able to decrypt the timestamp ... As for your assumption about the hash being as good as the password, ... > encrypt the timestamp) still be susceptible to brute-force> using dictionary ... The server doesn't actually know what the user's>>password is, ...
(Focus-Microsoft) - Re: Can Kerberos be cracked??
... encrypt the timestamp) still be susceptible to brute-force using dictionary ... Secondly, even without the actual password known, wouldn't juz the hash (let ... The server doesn't actually know what the user's ...
(Focus-Microsoft) |
|
