On Thu, Mar 14, 2013 at 6:45 AM, John Weller <[email protected]> wrote:

> I've come out of retirement to write a membership system as a favour.  I
> want to put a password front end on it as it will contain personal data.  I
> don't want to keep the bad guys out permanently, just make it sufficiently
> difficult that the reward isn't worth the effort.  My homebrew password
> system was shown to be flawed so I want to write another one which is
> better.  I've just re-read the thread on salting and hashing and got lost,
> most of it went way above my head.  From what I did understand however a
> suitable system would be to have a 2-column table of usernames and unique
> salts then a separate table of hashes.  When the user enters their password
> the system looks up the appropriate salt and tags the password on to the end
> then passes the resulting text string to a hashing algorithm to create a
> hash.  This is then looked for in a separate table of hashes and if a match
> is found then the password is accepted as valid.
>
> I have 3 questions:
>
> 1.      Is that a suitable system?
> 2.      Where can I find a suitable algorithm to create a salt that I can
> use within VFP9?
> 3.      Where can I find a suitable hashing algorithm again that can be used
> in VFP9?
> ----------------------------


Can you generate a GUID for the key of the user?  If so, that is a great
salt for the simple systems.  It stays with that individual and is a large
string of characters/numbers.

-- 
Stephen Russell
Sr. Analyst
Ring Container Technology
Oakland TN

901.246-0159 cell
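
An added sketch (not from the original thread, and in Python rather than VFP9) of the salt-lookup-then-hash check described in the question, using a per-user GUID as the salt as suggested in the reply. Assumptions: the hash is kept in the same row as the salt, PBKDF2-HMAC-SHA256 is swapped in for a single hash pass, and the `USERS` dict, the function names and the iteration count are hypothetical.

```python
import hashlib
import hmac
import uuid

ITERATIONS = 100_000  # assumed work factor; raise it as far as the host allows

# Constructed in-memory stand-in for the membership table:
# username -> (GUID used as user key and salt, derived hash)
USERS = {}


def derive(password: str, salt: str) -> bytes:
    """Stretch the password with the per-user salt (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt.encode("ascii"), ITERATIONS
    )


def enrol(username: str, password: str) -> str:
    """Create the user's GUID once and store the hash beside it."""
    guid = str(uuid.uuid4())
    USERS[username.lower()] = (guid, derive(password, guid))
    return guid


# Dummy record so an unknown username costs the same work as a known one.
_DUMMY_SALT = str(uuid.uuid4())
_DUMMY_HASH = derive("not-a-real-password", _DUMMY_SALT)


def verify(username: str, password: str) -> bool:
    """Look up the salt, re-derive, and compare against that user's hash only."""
    record = USERS.get(username.lower())
    salt, stored = record if record else (_DUMMY_SALT, _DUMMY_HASH)
    candidate = derive(password, salt)
    # compare_digest avoids leaking how many leading bytes matched.
    matched = hmac.compare_digest(candidate, stored)
    return matched and record is not None


if __name__ == "__main__":
    enrol("alice", "correct horse")   # constructed sample credentials
    enrol("bob", "correct horse")     # same password, different salt
    print(USERS["alice"][1] != USERS["bob"][1])   # salts make the hashes differ
    print(verify("alice", "correct horse"), verify("alice", "wrong"))
```
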


This message: 
http://leafe.com/archives/byMID/profox/CAJidMYLW=gcm09oa4ysneui-bq_tcfp_3eojhyzsx-0z9d_...@mail.gmail.com