I've come out of retirement to write a membership system as a favour. I want to put a password front end on it as it will contain personal data. I don't want to keep the bad guys out permanently, just make it sufficiently difficult that the reward isn't worth the effort. My homebrew password system was shown to be flawed, so I want to write another one which is better. I've just re-read the thread on salting and hashing and got lost; most of it went way above my head. From what I did understand, however, a suitable system would be to have a 2-column table of usernames and unique salts, then a separate table of hashes. When the user enters their password, the system looks up the appropriate salt and tags the password on to the end, then passes the resulting text string to a hashing algorithm to create a hash. This is then looked for in a separate table of hashes, and if a match is found then the password is accepted as valid.
I have 3 questions:

1. Is that a suitable system?
2. Where can I find a suitable algorithm to create a salt that I can use within VFP9?
3. Where can I find a suitable hashing algorithm, again that can be used in VFP9?

Any help or advice will be gratefully received!

John

John Weller
01380 723235
07976 393631
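Added example, not part of the original post and written in Python rather than VFP9: a sketch of the salt-then-hash check described in the message, with the salt and hash kept in the same per-user record so that a match is tied to the username entered. The record layout, the names `make_record` and `verify`, and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000   # assumed PBKDF2 work factor; tune for your hardware
SALT_BYTES = 16        # assumed salt length
_DUMMY_SALT = secrets.token_bytes(SALT_BYTES)  # used only for unknown usernames


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    # Slow, salted hash: PBKDF2-HMAC-SHA256 from the standard library.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_record(password: str) -> dict:
    """Create what gets stored for one user: a random salt plus the hash."""
    salt = secrets.token_bytes(SALT_BYTES)  # from the OS random source
    return {"salt": salt, "iterations": ITERATIONS,
            "hash": _derive(password, salt, ITERATIONS)}


def verify(users: dict, username: str, password: str) -> bool:
    """Check a login attempt against that user's own stored record only."""
    record = users.get(username)
    if record is None:
        # Do the same amount of work so unknown usernames are not faster.
        _derive(password, _DUMMY_SALT, ITERATIONS)
        return False
    candidate = _derive(password, record["salt"], record["iterations"])
    # Constant-time comparison of the two hashes.
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    # Constructed sample data: two members who happen to pick the same password.
    users = {"alice": make_record("correct horse"),
             "bob": make_record("correct horse")}
    print("same hash stored?", users["alice"]["hash"] == users["bob"]["hash"])
    print("alice, right password:", verify(users, "alice", "correct horse"))
    print("alice, wrong password:", verify(users, "alice", "battery staple"))
    print("unknown user:", verify(users, "carol", "correct horse"))
```

The plaintext password is never stored; only the salt, the iteration count and the derived hash go into the table.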

