If you use CRC functions you should salt the value. That is adding a few application specific characters before or after the password, then passing the result to SYS(2007) - or whatever else. Adding more sophisticated functions to calculate the hash value would be possible but not add security value. Once you went beyond storing the password, the application (with code injection) becomes the weakest link, not cracking a password.
-- Christof --- StripMime Report -- processed MIME parts --- multipart/alternative text/plain (text body -- kept) text/html --- _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://leafe.com/mailman/listinfo/profox OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/CAL4QJhhGmUFzwcOK=bg5ptlrlp-xpb6--obkztbg5wgj1fk...@mail.gmail.com ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
