Thanks for your answers, I am learning.

Alexandre

On 25 Oct 2011, at 03:40, Milan Mimica wrote:

> On 25 October 2011 04:43, mail list <[email protected]> wrote:
> Someone may have already replied as I am writing this on a plane but
> generally for passwords you do not write a decrypt method for security
> purposes (eg you do not want people to be able to reverse engineer the
> encrypted password easily)
>
> You just compare encrypted passwords to see if they are equal.
> eg
> password:= SecureHashAlgorithm new hashMessage: aClearTextPass.
>
> then later on you check
> password = SecureHashAlgorithm new hashMessage: aPasswordAttempt.
>
>
> To make it slightly more secure, you can put a little salt in it:
>
> salt := 'Some random string I just cam up with 123'.
>
> password:= SecureHashAlgorithm new hashMessage: salt, aClearTextPass.
>
> check:
> password = SecureHashAlgorithm new hashMessage: salt, aPasswordAttempt.
>
> That way you make it more difficult for the attacker to brute-force guess the
> password when the user supplies a weak password.
>
>
> --
> Milan Mimica
> http://sparklet.sf.net

--
_,.;:~^~:;._,.;:~^~:;._,.;:~^~:;._,.;:~^~:;._,.;:
Alexandre Bergel  http://www.bergel.eu
^~:;._,.;:~^~:;._,.;:~^~:;._,.;:~^~:;._,.;:~^~:;.
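An added example, not part of the thread or of Pharo's code: a Python sketch that sets the fixed-salt comparison quoted above beside a per-user random salt with a deliberately slow key-derivation function (PBKDF2), which goes beyond what the messages describe. SHA-1 standing in for `SecureHashAlgorithm`, the iteration count, the salt length and the stored-record format are all assumptions made for this example.

```python
import hashlib
import hmac
import os

FIXED_SALT = b"Some random string I just cam up with 123"  # salt from the thread
ITERATIONS = 600_000   # assumed work factor, tune to your hardware
SALT_LEN = 16          # assumed per-user salt length in bytes


def fixed_salt_hash(password):
    """The thread's scheme: one shared salt, one fast hash (SHA-1 assumed)."""
    return hashlib.sha1(FIXED_SALT + password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Per-user random salt plus a slow KDF; returns a self-describing record."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(iterations, salt.hex(), dk.hex())


def verify_password(stored, attempt):
    """Recompute with the stored salt and compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        candidate = hashlib.pbkdf2_hmac(
            "sha256", attempt.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
        )
        return hmac.compare_digest(candidate, bytes.fromhex(dk_hex))
    except ValueError:
        # Malformed record: wrong field count, bad hex, or bad iteration count.
        return False


if __name__ == "__main__":
    # Constructed sample: two users who picked the same weak password.
    alice, bob = hash_password("hunter2"), hash_password("hunter2")
    print("fixed salt, same hash for both:",
          fixed_salt_hash("hunter2") == fixed_salt_hash("hunter2"))
    print("per-user salt, records differ:", alice != bob)
    print("correct attempt verifies:", verify_password(alice, "hunter2"))
    print("wrong attempt verifies:", verify_password(alice, "hunter3"))
```

With the shared salt, identical passwords produce identical stored values, so one precomputed guess list covers every account; the per-user salt removes that, and the iteration count sets the cost of each guess.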
