On 25 October 2011 04:43, mail list <[email protected]> wrote:
> Someone may have already replied, as I am writing this on a plane, but
> generally for passwords you do not write a decrypt method, for security
> purposes (e.g. you do not want people to be able to reverse engineer the
> encrypted password easily).
>
> You just compare encrypted passwords to see if they are equal.
> e.g.
> password := SecureHashAlgorithm new hashMessage: aClearTextPass.
>
> then later on you check
> password = SecureHashAlgorithm new hashMessage: aPasswordAttempt.
>
To make it slightly more secure, you can put a little salt in it:

salt := 'Some random string I just came up with 123'.
password := SecureHashAlgorithm new hashMessage: salt, aClearTextPass.

check:
password = SecureHashAlgorithm new hashMessage: salt, aPasswordAttempt.

That way you make it more difficult for the attacker to brute-force guess the password when the user supplies a weak password.

-- 
Milan Mimica
http://sparklet.sf.net
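The two schemes discussed in this thread, written out as an added example (not code from either poster, and in Python rather than the Smalltalk of the list so it runs stand-alone with the standard library). `hash_static_salt` is the thread's recipe: one application-wide salt prepended to the password and a single SHA-256 pass. `hash_password` is what a practitioner would usually want instead: a fresh random salt per record plus a deliberately slow PBKDF2 derivation, stored alongside the digest so verification can reproduce it, and compared with `hmac.compare_digest` so the check does not leak timing. The salt string, the iteration count and the `scheme$iterations$salt$digest` record layout are assumptions chosen for the example. The functions return their results so the behaviour can be checked: with the static salt, two users who pick the same password get identical stored values, which is exactly what the per-user salt prevents.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Constructed for this example: the single fixed salt from the thread.
STATIC_SALT = b"Some random string I just came up with 123"

# Assumption: PBKDF2 iteration count; tune upward as hardware allows.
PBKDF2_ITERATIONS = 200_000
SCHEME = "pbkdf2_sha256"  # assumed tag written into each stored record


def hash_static_salt(password: str) -> str:
    """The thread's recipe: fixed salt, one SHA-256 pass, hex digest stored."""
    return hashlib.sha256(STATIC_SALT + password.encode("utf-8")).hexdigest()


def check_static_salt(stored: str, attempt: str) -> bool:
    """Verify against a record produced by hash_static_salt (constant-time compare)."""
    return hmac.compare_digest(stored, hash_static_salt(attempt))


def hash_password(password: str,
                  salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Per-record random salt + PBKDF2-HMAC-SHA256.

    Returns 'scheme$iterations$salt_b64$digest_b64' so that verify_password
    can recover the salt and work factor without any out-of-band state.
    """
    if salt is None:
        salt = os.urandom(16)  # 128-bit random salt, unique per record
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "%s$%d$%s$%s" % (
        SCHEME,
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )


def verify_password(stored: str, attempt: str) -> bool:
    """Recompute the derivation with the stored salt/iterations and compare in constant time."""
    try:
        scheme, iterations, salt_b64, digest_b64 = stored.split("$")
        iterations = int(iterations)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
    except (ValueError, TypeError):
        return False  # malformed record: never treat as a match
    if scheme != SCHEME or iterations <= 0:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", attempt.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(expected, actual)


def same_password_same_record(scheme_hash) -> bool:
    """True if two accounts sharing a password end up with identical stored values."""
    return scheme_hash("correct horse") == scheme_hash("correct horse")


if __name__ == "__main__":
    print("static salt, identical records for identical passwords:",
          same_password_same_record(hash_static_salt))
    print("per-user salt, identical records for identical passwords:",
          same_password_same_record(hash_password))
    record = hash_password("correct horse")
    print(record)
    print("good attempt:", verify_password(record, "correct horse"))
    print("bad attempt: ", verify_password(record, "correct horsf"))
```

The record format is self-describing, so the iteration count can be raised later for new records while old ones remain verifiable; on a successful login against an old record, rehash with the current parameters and overwrite it.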
