Am 27.10.2015 um 18:55 schrieb David W Noon:
<https://en.wikipedia.org/wiki/Secure_Hash_Algorithm>
<https://tools.ietf.org/html/rfc6234>
Do not use a normal hash function to store passwords. If the password
file is stolen, the attackers can quickly determine most passwords.
There are special algorithms to securely store passwords. Common
recommendations are: PBKDF2, bcrypt, scrypt.
Explanation from
https://en.wikipedia.org/wiki/Password_cracking#Prevention
"Many hashes used for storing passwords, such as MD5 and the SHA family,
are designed for fast computation and efficient implementation in
hardware. As a result, they are ineffective in preventing password
cracking, especially with methods like rainbow tables. Using key
stretching Algorithms, such as PBKDF2, to form password hashes can
significantly reduce the rate at which passwords can be tested."
See also:
https://en.wikipedia.org/wiki/Key_derivation_function
scrypt for pascal appears to be offered here:
http://www.wolfgang-ehrhardt.de/crchash_en.html
_______________________________________________
fpc-pascal maillist - fpc-pascal@lists.freepascal.org
http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
