[fpc-pascal] is scrypt available?

[wkitty42 at windstream.net]

On 10/30/2015 11:30 AM, Frederic Da Vitoria wrote:
> 2015-10-30 0:33 GMT+01:00 <wkitty42 at windstream.net
> <mailto:wkitty42 at windstream.net>>:
>
>     On 10/29/2015 01:08 PM, Frederic Da Vitoria wrote:
>
>         Good point. I'd even ask the question: do you really need to store the
>         passwords? IOW, do you want to be able to send them back to the user? Or do
>         you only need to check them?
>
>
>     in the use case being studied, passwords can only be compared or reset...
>
>
> Do you really need to compare them or simply to validate them? I ask because in
> one project I worked on for an insurance company, we were forbidden to store the
> passwords. We stored only a kind of checksum for them.

that's what i meant... store only the hash and then compare the hashes...

> With something like CRC32 or even a higher resolution algorithm, you can
> efficiently check that the password is correct (with really low chances of
> false positives), minimize the storage space required and completely
> eradicate the possibility that someone will get the actual passwords from
> your database. This could be relevant if this is for a web site, many people
> use the same password on all the web sites so that if their password is
> revealed on one site, they would need to change all their passwords.

this is for an old-school BBS that's being updated for the modern world... you 
remember BBSes, right? those things we used to dial into before the internet 
came along? back before win95 was foisted on the world? they used to be run on a 
few different mainframes, PDP-11s, Radio Shack Color Computers (aka the coco), 
TRS-80s, Apple //c, Macintoshes, IBMPC compatibles, TI-99s and many others ;)

-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.