Hi Stephen,

A GUID sounds a good way to go but I don't know how to generate one. There will only be a small number of users so the key will be a low integer.

Regards

John

John Weller
01380 723235
07976 393631

> -----Original Message-----
> From: ProfoxTech [mailto:[email protected]] On Behalf Of Stephen Russell
> Sent: 14 March 2013 13:40
> To: [email protected]
> Subject: Re: Password Security
>
> On Thu, Mar 14, 2013 at 6:45 AM, John Weller <[email protected]> wrote:
>
> > I've come out of retirement to write a membership system as a favour.
> > I want to put a password front end on it as it will contain personal
> > data. I don't want to keep the bad guys out permanently, just make it
> > sufficiently difficult that the reward isn't worth the effort. My
> > homebrew password system was shown to be flawed so I want to write
> > another one which is better. I've just re-read the thread on salting
> > and hashing and got lost, most of it went way above my head. From
> > what I did understand however a suitable system would be to have a
> > 2-column table of usernames and unique salts then a separate table of
> > hashes. When the user enters their password the system looks up the
> > appropriate salt and tags the password on to the end then passes the
> > resulting text string to a hashing algorithm to create a hash. This
> > is then looked for in a separate table of hashes and if a match is
> > found then the password is accepted as valid.
> >
> > I have 3 questions:
> >
> > 1. Is that a suitable system?
> > 2. Where can I find a suitable algorithm to create a salt that I can
> >    use within VFP9?
> > 3. Where can I find a suitable hashing algorithm again that can be
> >    used in VFP9?
>
> Can you generate a GUID for the key of the user? If so that is a great salt for
> the simple systems. It stays with that individual and is a large string of
> characters/numbers.
>
> --
> Stephen Russell
> Sr. Analyst
> Ring Container Technology
> Oakland TN
>
> 901.246-0159 cell
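
The scheme discussed in this thread, as an added example that is not part of the original messages: a random GUID per user serves as the salt, it is stored in the same record as the hash, and a login is checked against that user's own hash rather than by searching a table of hashes. Python is used for illustration instead of VFP9; PBKDF2-HMAC-SHA256, the iteration count and all names (`users`, `register`, `verify`) are assumptions of this example.

```python
import hashlib
import hmac
import uuid

# Assumed work factor for this example; raise it as far as login latency allows.
ITERATIONS = 100_000

# Constructed stand-in for the membership table: username -> (salt, hash).
users = {}


def new_salt() -> str:
    """Return a random (version 4) GUID to use as one user's salt."""
    return str(uuid.uuid4())


def hash_password(salt: str, password: str) -> bytes:
    """Derive the stored hash from salt and password.

    PBKDF2-HMAC-SHA256 is this example's choice of hashing algorithm; it is
    deliberately slow, which makes guessing passwords from a stolen table costly.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt.encode("ascii"), ITERATIONS
    )


def register(username: str, password: str) -> None:
    """Create a fresh salt for the user and store it next to the hash."""
    salt = new_salt()
    users[username] = (salt, hash_password(salt, password))


def verify(username: str, password: str) -> bool:
    """Check the password against this user's own stored hash only."""
    record = users.get(username)
    if record is None:
        # Do the same work for unknown users so timing does not reveal
        # which usernames exist.
        hash_password(new_salt(), password)
        return False
    salt, stored = record
    # Constant-time comparison of the stored and recomputed hashes.
    return hmac.compare_digest(stored, hash_password(salt, password))
```

The salt does not need to be secret, only unique per user, so it can sit in the same table as the username and hash.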

