You can use md5 to create a hash of a file or a string. The principle is the same. In this case a hash of the password is created and stored. If the user resets his password a hash of the password is created and compared against earlier hashes to see if he has already used this password. The benefit of md5 is of course that its a one-way-hash mechanism, i.e. if you have the hash you will not be able to tell what the password was, so it is considered safe.
For the options for md5, check man md5 http://seth.positivism.org/man.cgi/md5 Regards, Michiel On 7/10/06, McKenzie, James J C-E LCMC HQISEC/L3 <[EMAIL PROTECTED]> wrote:
** Axton: Since my knowledge of using md5 to create the hash is limited, is this the correct command line to do so? I have always used md5 too 'unhash' a file to insure its contents are untampered. James McKenzie -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Axton Grams Sent: Friday, July 07, 2006 3:31 PM To: [email protected] Subject: Re: BFS Strong Password 2.5.1 - Errors when setting up software http://www.fourmilab.ch/md5/ http://www.vonwangelin.com/md5/ http://ourworld.compuserve.com/homepages/pagrosse/hash.htm Take your pick. Just put the executable/dll's into the arsystem directory. Axton Grams Kim Moody wrote: > James, > > I have installed this application on our development box and also have > has an issue with the MD5. According to the doc the MD5 "creates a > one way hash of the proposed new password, and then workflow compares > the hash against previously created hashes." > > I ran a filter log and captured the following information: > > /* Tue Apr 04 2006 15:42:24.9575 */Start filter processing -- >>> Operation >> - CREATE >>> BFS:USR_History - <NULL> >>> Checking BFS:USRHIS_SetEncryptedPWD01 (500) >>> --> Passed -- perform actions >>> 0: Set Fields >>> "C:\Program Files\AR System\md5.exe" -d"abcdefg!" >>> Exit code: 1 Value: **** Error while performing >>> filter action >>> /* Tue Apr 04 2006 15:42:24.9759 */ End of filter processing >> (phase 1) > > The only way I could get it to work is not using the password > hashing/encryption. So the passwords in the password history are not > encrypted. > > I emailed the developer about the issue in April and have not heard > back yet. > > Hope that helps, > > Kim Moody > University of Houston > > ______________________________________________________________________ > _________ UNSUBSCRIBE or access ARSlist Archives at > http://www.wwrug.org > _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org __20060125_______________________This posting was submitted with HTML in it___
_______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org
