You should store passwords in an encrypted form for several reasons:

1) Security. Only the user knows the plain-text passphrase. Not even Admin can decipher it, short of a brute force attack.

2) Security. If your db is compromised the passwords are still protected. Trying to log in using the hash will not work.

3) Security. Hashes typically have a fixed length. This not only helps by allowing the dba to know exactly how big the field is going to be but, also, obfuscates the password length. My password may only be 6 characters but, MD5 will create a 40 character hash.

In short, hashes are used for security; yours, your employer's, and your
client's.

Steve

-----Original Message-----
From: Robert Everland III [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 17, 2000 5:55 PM
To: CF-Talk
Subject: RE: Storing passwords in database as one way hash


But if it's a one way hash, why do you need to store it, you can't decrypt
it. What is the purpose?


Bob Everland
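
The answer to the question in this thread, that a login check only has to re-hash the submitted password and compare it with the stored value, shown as an added example that is not part of the original messages. It uses salted PBKDF2-HMAC-SHA256 from Python's standard library rather than the MD5 named in the thread; the function names, the in-memory `db` table and the iteration count are assumptions for illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

ITERATIONS = 600_000  # assumed work factor, tune to your hardware
SALT_BYTES = 16       # random per-user salt, stored beside the digest

# Hypothetical in-memory stand-in for the users table: name -> (salt, digest)
UserTable = Dict[str, Tuple[bytes, bytes]]


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Derive a fixed-length (32-byte) digest; the plain text is never stored."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def register(db: UserTable, user: str, password: str) -> None:
    """Store only the salt and digest for this user."""
    db[user] = hash_password(password)


def login(db: UserTable, user: str, candidate: str) -> bool:
    """Re-hash the submitted password with the stored salt and compare."""
    record = db.get(user)
    if record is None:
        return False
    salt, stored = record
    _, digest = hash_password(candidate, salt)
    return hmac.compare_digest(digest, stored)  # constant-time comparison


if __name__ == "__main__":
    db: UserTable = {}  # constructed sample data
    register(db, "alice", "s3cret")
    register(db, "bob", "a much longer passphrase than six characters")
    print(login(db, "alice", "s3cret"))              # correct password
    print(login(db, "alice", db["alice"][1].hex()))  # stored hash used as password
    print({u: len(d) for u, (_, d) in db.items()})   # digest length per user
```

Because each user gets a random salt, two users with the same password end up with different stored digests.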
