Den 2012-04-19 10:17 skrev Dmitry Yemanov såhär: > 19.04.2012 12:02, Mark Rotteveel wrote: > >> Ok, that sounds relatively easy. What is the hashing algorithm, and where >> in the Firebird sources can I find its implementation? > Something derived from DES, AFAIK. See ENC_crypt(), located in /src/jrd/ > (pre-FB3) or in /src/common/ (trunk).
Er... I am a real novice when it comes to security, but perhaps you in the dev team should read this, which has something to say about passord hashes based on DES (too fast): http://chargen.matasano.com/chargen/2007/9/7/enough-with-the-rainbow-tables-what-you-need-to-know-about-s.html I've also seen mention of Rfc2898, which seems to be a good option for password hashes. Kjell -- -------------------------------------- Kjell Rilbe DataDIA AB E-post: [email protected] Telefon: 08-761 06 55 Mobil: 0733-44 24 64 ------------------------------------------------------------------------------ For Developers, A Lot Can Happen In A Second. Boundary is the first to Know...and Tell You. Monitor Your Applications in Ultra-Fine Resolution. Try it FREE! http://p.sf.net/sfu/Boundary-d2dvs2 Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
