[fpc-pascal] is scrypt available?

[David W Noon]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 26 Oct 2015 22:02:23 -0400, Wkitty42 (wkitty42 at windstream.net)
wrote about "Re: [fpc-pascal] is scrypt available?" (in
<562EDB2F.4080003 at windstream.net>):

> On 10/26/2015 06:28 PM, David W Noon wrote:
[snip]
>> I use PostgreSQL, which offers MD5 hashing of passwords as a
>> built-in, without me adding any of my own (or anybody else's)
>> code to perform hashing.
> 
> sadly MD5 have been being cracked in little time for over a
> decade... that's why we're looking at other means...

Well, we can start here:

<https://en.wikipedia.org/wiki/Secure_Hash_Algorithm>

I also own a couple of books by Bruce Schneier, the doyen of cryptography.

More recently, there is RFC 6234. This was published in 2011 and its
hashes are considered secure at the moment.

<https://tools.ietf.org/html/rfc6234>

> bcrypt came up first in the searched and then scrypt was pointed
> out along with bcrypt's failings... the question now is being
> able/willing to use someone else's code or to reinvent the wheel...
> if it were me, i'd use the other code if its license fits the app
> in question...

I could code up almost any of these algorithms you want. I have
reference implementations under Linux to test the validity of my code.
I would make any such code available under the Berkeley License (or
GPL v3). Indeed, I would make the source code available to all FPC
users if there is interest in hashing here.
- -- 
Regards,

Dave  [RLU #314465]
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
david.w.noon at googlemail.com (David W Noon)
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlYvuqwACgkQogYgcI4W/5QTEACeIgNf72/m5i1d4XY4RkMbN0UR
QocAnRBkqsYbQR7e7LGDOFK/ZVkG6/G7
=qaUT
-----END PGP SIGNATURE-----