[fpc-pascal] howto store passwords

jellyfish.software at gmx.net jellyfish.software at gmx.net
Mon Nov 2 05:48:22 CET 2015



On November 2, 2015 5:29:29 AM GMT+01:00, Ralf Quint <freedos.la at gmail.com> wrote:

>The downside of that approach however is that this opens up the
>possibility to create a matching hash on "inappropriate" passwords (too
>short, easy to look up/guess) and hence get access...

And that's why we use cryptographically secure hash functions. This prevents the malicious attacker from creating a collision on purpose, and with a random collision at p = 1/2**128 you can practically ignore that possibility. It is more probable that the comparison function gets a zap from some cosmic ray and tells you a one for a zero.


