[fpc-pascal] howto store passwords
jellyfish.software at gmx.net
jellyfish.software at gmx.net
Mon Nov 2 05:48:22 CET 2015
On November 2, 2015 5:29:29 AM GMT+01:00, Ralf Quint <freedos.la at gmail.com> wrote:
>The downside of that approach however is that it this opens up the
>possibility to create a matching hash on "inappropriate" passwords (too
>
>short, easy to look up/guess) and hence get access...
And that's why we use cryptographically secure hash functions. This prevents the malicious attacker from creating a collision on purpose, and with a random collision at p = 1/2**128 you can practically ignore that possibility. It is more probable that the comparison function gets a zap from some cosmic ray and tells you a one for a zero.
More information about the fpc-pascal
mailing list