[fpc-pascal] is scrypt available?
Frederic Da Vitoria
davitofrg at gmail.com
Fri Oct 30 16:56:44 CET 2015
2015-10-30 16:39 GMT+01:00 Jonas Maebe <jonas.maebe at elis.ugent.be>:
>
> Frederic Da Vitoria wrote on Fri, 30 Oct 2015:
>
> Do you really need to compare them or simply to validate them? I ask
>> because in one project I worked on for an insurance company, we were
>> forbidden to store the passwords. We stored only a kind of checksum for
>> them. With something like CRC32 or even a higher resolution algorithm, you
>>
>
> Never ever use CRC32 in a crypto context, it's completely unsuited and
> easily cracked. The subject of this thread is already about finding an
> implementation for scrypt, which is a (at this time considered) secure
> hashing algorithm.
>
My point is precisely that in this situation, there would be nothing to
crypt. Just check validity. So use CRC64 if you want (the size difference
won't probably be relevant by current standards), but don't store the
actual password. What isn't there can't be cracked, not even with future
technology :-)
--
Frederic Da Vitoria
(davitof)
Membre de l'April - « promouvoir et défendre le logiciel libre » -
http://www.april.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freepascal.org/pipermail/fpc-pascal/attachments/20151030/168fc4cf/attachment.html>
More information about the fpc-pascal
mailing list