[fpc-pascal] is scrypt available?

Frederic Da Vitoria davitofrg at gmail.com
Thu Oct 29 18:08:05 CET 2015

2015-10-29 17:56 GMT+01:00 Klaus Hartnegg <hartnegg at gmx.de>:

> Am 27.10.2015 um 18:55 schrieb David W Noon:
>> <https://en.wikipedia.org/wiki/Secure_Hash_Algorithm>
> <https://tools.ietf.org/html/rfc6234>
> Do not use a normal hash function to store passwords. If the password file
> is stolen, the attackers can quickly determine most passwords.
> There are special algorithms to securely store passwords. Common
> recommendations are: PBKDF2, bcrypt, scrypt.
> Explanation from
> https://en.wikipedia.org/wiki/Password_cracking#Prevention
> "Many hashes used for storing passwords, such as MD5 and the SHA family,
> are designed for fast computation and efficient implementation in hardware.
> As a result, they are ineffective in preventing password cracking,
> especially with methods like rainbow tables. Using key stretching
> Algorithms, such as PBKDF2, to form password hashes can significantly
> reduce the rate at which passwords can be tested."
> See also:
> https://en.wikipedia.org/wiki/Key_derivation_function
> scrypt for pascal appears to be offered here:
> http://www.wolfgang-ehrhardt.de/crchash_en.html

Good point. I'd even ask the question: do you really need to store the
passwords? IOW, do you want to be able to send them back to the user? Or do
you only need to check them?

Frederic Da Vitoria

Membre de l'April - « promouvoir et défendre le logiciel libre » -
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freepascal.org/pipermail/fpc-pascal/attachments/20151029/aa31cafa/attachment.html>

More information about the fpc-pascal mailing list