Ed Leafe wrote:
> Password matching is done by applying the same one-way algorithm to
> the submitted password, and if the result is the same as the stored
> encrypted value, it's a match.

What about Vassilis' other point that if you know where the encrypted
version of the password is stored, you can save your own encrypted
version over it? Sounds like a good hack but I'm sure it must have been
thought of before. Just wondering what is there to stop this happening.

Peter
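
One way to address the overwrite question above, as an added example that is not part of the original thread: hash-and-compare matching as described in the quoted text, plus a keyed tag over each record so that a hash written straight into the table is rejected. It assumes PBKDF2-SHA256 and a `SERVER_KEY` kept outside the password table; all function names are hypothetical.

```python
import hashlib
import hmac
import os

# Assumption: this key lives outside the password table (app config, HSM, ...).
SERVER_KEY = os.urandom(32)
ITERATIONS = 100_000


def _hash(password: str, salt: bytes) -> bytes:
    """The one-way algorithm applied both at enrolment and at login."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def _tag(username: str, salt: bytes, digest: bytes) -> bytes:
    """MAC over owner + salt + hash; it cannot be produced without SERVER_KEY."""
    name = username.encode()
    msg = len(name).to_bytes(2, "big") + name + salt + digest
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()


def make_record(username: str, password: str) -> dict:
    salt = os.urandom(16)
    digest = _hash(password, salt)
    return {"user": username, "salt": salt, "hash": digest,
            "tag": _tag(username, salt, digest)}


def verify(record: dict, password: str) -> str:
    """Return 'match', 'mismatch', or 'tampered' for a stored record."""
    expected = _tag(record["user"], record["salt"], record["hash"])
    if not hmac.compare_digest(expected, record["tag"]):
        return "tampered"  # row was edited by something that lacks the key
    candidate = _hash(password, record["salt"])
    return "match" if hmac.compare_digest(candidate, record["hash"]) else "mismatch"


def overwrite_without_key(record: dict, new_password: str) -> dict:
    """Constructed scenario: a direct table write that replaces salt and hash."""
    salt = os.urandom(16)
    return {**record, "salt": salt, "hash": _hash(new_password, salt)}


if __name__ == "__main__":
    rec = make_record("alice", "correct horse")      # constructed sample data
    print(verify(rec, "correct horse"))
    print(verify(overwrite_without_key(rec, "swapped"), "swapped"))
```

The tag only helps when write access to the table does not also expose the key, so restricting who can write to the password store remains the primary control.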