At 08:50 -0800 on 01/10/2007, John Mattson wrote about Forbidding
Special characters in passwords:
I am constantly amazed at the number of sites which FORBID the use of
special characters in passwords and userid's. And by the sites which
LIMIT the length of passwords and userid's. Since the number of possible
combinations increases exponentially with the possibe values for each
character and the number of characters, I cannot fathom why they impose
such limits.
Accept a reasonable length password/phrase and then Hash it (such as
with MD5 with creates a 16 Byte Hash value). To verify the correct
entry, you just accept it again, Hash, and compare the two Hashes.
There is no need to ever store the original password. If you want to
keep the 8 Byte PW Length, just XOR the first 8 Bytes with the second
8 Bytes.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
