[fpc-pascal] is scrypt available?
Frederic Da Vitoria
davitofrg at gmail.com
Thu Oct 29 18:08:05 CET 2015
2015-10-29 17:56 GMT+01:00 Klaus Hartnegg <hartnegg at gmx.de>:
> On 27.10.2015 at 18:55, David W Noon wrote:
>
>> <https://en.wikipedia.org/wiki/Secure_Hash_Algorithm>
>>
>
> <https://tools.ietf.org/html/rfc6234>
>>
>
> Do not use a normal hash function to store passwords. If the password file
> is stolen, the attackers can quickly determine most passwords.
>
> There are special algorithms to securely store passwords. Common
> recommendations are: PBKDF2, bcrypt, scrypt.
>
> Explanation from
> https://en.wikipedia.org/wiki/Password_cracking#Prevention
>
> "Many hashes used for storing passwords, such as MD5 and the SHA family,
> are designed for fast computation and efficient implementation in hardware.
> As a result, they are ineffective in preventing password cracking,
> especially with methods like rainbow tables. Using key stretching
> algorithms, such as PBKDF2, to form password hashes can significantly
> reduce the rate at which passwords can be tested."
>
> See also:
> https://en.wikipedia.org/wiki/Key_derivation_function
>
> scrypt for pascal appears to be offered here:
> http://www.wolfgang-ehrhardt.de/crchash_en.html
>
Good point. I'd even ask the question: do you really need to store the
passwords? IOW, do you want to be able to send them back to the user? Or do
you only need to check them?
--
Frederic Da Vitoria
(davitof)
Member of April - "promoting and defending free software" -
http://www.april.org