No, that was a good description. The password itself is not stored. What
is stored is the result of applying a "one way function" to the password.
You always assume the algorithm is known to the attacker but that does
him/her no good. We don't USUALLY use "encrypt" for a process that is
irreversible (can't decrypt) but that is what a "one way cypher" is
doing. f(P) = Y where, although the function f is known, it is very hard
given Y to determine P <there are such functions>.
In order to check whether the password entered later is correct
(matches) it is subjected to the "one way function" and the result
compared to what was stored.
Michael D Novack
In reality it's even a bit more complicated than this, but anyway the
password isn't stored in any way.
Your last sentence gave me a laugh; it directly contradicts your previous
paragraph: "What's stored is the result of applying an algorithm to the
password you supply" -- so the password IS stored in some encrypted fashion
-- at the very least something related to the password is indeed stored.
I've often thought that they may use the password itself as the encryption
hash to encrypt the password, and that would make it (I think) pretty hard
to break, even knowing the algorithm.
--
There is no possibility of social justice on a dead planet except the equality
of the grave.
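
The store-then-compare scheme discussed in this thread, as an added example that is not part of any of the messages above and is not GnuCash code. It assumes PBKDF2-HMAC-SHA256 with a random per-password salt as the one-way function f; the thread does not name a specific function, and the iteration count and record layout are choices made for this example.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # assumed work factor for this example


def make_record(password: str, salt: Optional[bytes] = None) -> dict:
    """Return what gets stored: salt, iteration count and Y = f(P). P is not kept."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def verify(password: str, record: dict) -> bool:
    """Apply the same one-way function to the entered password and compare."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"),
        bytes.fromhex(record["salt"]), record["iterations"])
    # Constant-time comparison so timing does not reveal how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


if __name__ == "__main__":
    sample = "correct horse battery staple"  # constructed sample password
    rec = make_record(sample)
    print(rec)                          # salt, iterations, hash; no password
    print(verify(sample, rec))          # same input gives the same Y
    print(verify("wrong guess", rec))   # different input gives a different Y
    # Same password, fresh salt: the stored hash differs, so equal passwords
    # cannot be spotted by comparing stored records.
    print(make_record(sample)["hash"] != rec["hash"])
```

The salt and iteration count are stored in the clear next to the hash; knowing them, like knowing the algorithm, does not let anyone run f backwards.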