On Jan 9, 2010, at 11:35 AM, D. Richard Hipp wrote:

>
> On Jan 9, 2010, at 11:29 AM, Ron Aaron wrote:
>
>> On Saturday 09 January 2010 18:21:00 D. Richard Hipp wrote:
>>
>>> There is a trade-off.
>>>
>>> You can store a cryptographic checksum of the password in the user
>>> table.  ...
>>> Or you can store the cleartext password in the user
>>> table and send a cryptographic checksum of the password...
>>
>> There is another option: send a crypto checksum over the wire, and
>> store a
>> different sum in the user table.  Then the server file does not  
>> have a
>> cleartext password, nor is one sent on the wire.
>
>
> I'm not familiar with that algorithm. Can you explain or provide a  
> link?


Wait - I think I get it.  Feed the user-supplied password through a  
cryptographic hash to convert the "real" password that is the shared  
secret.  Store only the shared secret on the server.  Then use the  
current algorithm to securely authenticate using the shared secret.
Breaking into the server still allows an attacker to recover the  
shared secret and then log into the server in the future, but they  
cannot recover the original password text which might be used on other  
unrelated systems.

OK.  I'll work on that.

D. Richard Hipp
d...@hwaci.com
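The scheme sketched above, written out as an added example that is neither from this thread nor from Fossil's code: the client hashes its "real" password into the shared secret, the server stores only that secret, and login is a nonce/response exchange over it. The hash label, the HMAC-based response and the nonce format are assumptions standing in for Fossil's actual login algorithm.

```python
import hashlib
import hmac
import secrets

# Assumed stand-ins for Fossil's real scheme (not the project's code):
# the stored secret is a plain hash of the password, and login is a
# nonce/response exchange that proves knowledge of that secret.

def derive_shared_secret(password: str) -> str:
    """Client-side: turn the user's real password into the shared secret.
    Only this value ever leaves the client or is stored on the server."""
    return hashlib.sha256(b"fossil-login:" + password.encode()).hexdigest()

def server_store_user(user_table: dict, login: str, password: str) -> None:
    """Account setup: the server keeps the derived secret, never the password."""
    user_table[login] = derive_shared_secret(password)

def server_issue_challenge() -> str:
    """Server-side: a fresh random nonce for every login attempt."""
    return secrets.token_hex(16)

def client_response(nonce: str, shared_secret: str) -> str:
    """Client-side: answer the challenge without sending the secret itself."""
    return hmac.new(shared_secret.encode(), nonce.encode(), hashlib.sha256).hexdigest()

def server_verify(user_table: dict, login: str, nonce: str, response: str) -> bool:
    """Server-side: recompute the expected response from the stored secret."""
    stored = user_table.get(login)
    if stored is None:
        return False
    expected = client_response(nonce, stored)
    return hmac.compare_digest(expected, response)

def login(user_table: dict, login: str, secret_known_to_client: str) -> bool:
    """Full exchange: server challenges, client answers, server checks."""
    nonce = server_issue_challenge()
    return server_verify(user_table, login, nonce,
                         client_response(nonce, secret_known_to_client))

if __name__ == "__main__":
    table = {}
    server_store_user(table, "alice", "correct horse")  # constructed sample user
    print(login(table, "alice", derive_shared_secret("correct horse")))  # True
    print(login(table, "alice", derive_shared_secret("wrong guess")))    # False
    # Hipp's caveat: the stored value alone is enough to authenticate,
    # but it is a hash, so the original password is not recoverable from it.
    print(login(table, "alice", table["alice"]))                          # True
```

The last call shows the trade-off Hipp describes: a copied user table lets an attacker log in, which is why the stored secret must be protected like a password, even though the password text itself is not exposed.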



_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
