[fpc-pascal] is scrypt available?
Michael Van Canneyt
michael at freepascal.org
Tue Oct 27 22:21:55 CET 2015
On Tue, 27 Oct 2015, David W Noon wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Mon, 26 Oct 2015 22:02:23 -0400, Wkitty42 (wkitty42 at windstream.net)
> wrote about "Re: [fpc-pascal] is scrypt available?" (in
> <562EDB2F.4080003 at windstream.net>):
>
>> On 10/26/2015 06:28 PM, David W Noon wrote:
> [snip]
>>> I use PostgreSQL, which offers MD5 hashing of passwords as a
>>> built-in, without me adding any of my own (or anybody else's)
>>> code to perform hashing.
>>
>> sadly MD5 have been being cracked in little time for over a
>> decade... that's why we're looking at other means...
>
> Well, we can start here:
>
> <https://en.wikipedia.org/wiki/Secure_Hash_Algorithm>
>
> I also own a couple of books by Bruce Schneier, the doyen of cryptography.
>
> More recently, there is RFC 6234. This was published in 2011 and its
> hashes are considered secure at the moment.
>
> <https://tools.ietf.org/html/rfc6234>
>
>> bcrypt came up first in the searched and then scrypt was pointed
>> out along with bcrypt's failings... the question now is being
>> able/willing to use someone else's code or to reinvent the wheel...
>> if it were me, i'd use the other code if its license fits the app
>> in question...
>
> I could code up almost any of these algorithms you want. I have
> reference implementations under Linux to test the validity of my code.
> I would make any such code available under the Berkeley License (or
> GPL v3). Indeed, I would make the source code available to all FPC
> users if there is interest in hashing here.
There always is, I think.
>From my point of view: when coding internet-connected applications,
you often meet all kinds of hashing algorithms.
Michael.
More information about the fpc-pascal
mailing list