On 2014-04-23 11:43, Ed Leafe wrote:
On Apr 23, 2014, at 10:40 AM,
[email protected] wrote:
For those not seeing the other thread, I'm using Craig Boyd's
VFPEncryption.FLL and specifically, the HASH function to save
passwords. I was wondering what level folks used and why. Here are
the choices:
1 = SHA1 (a.k.a SHA160)
2 = SHA256
3 = SHA384
4 = SHA512 *Default
5 = MD5
6 = RIPEMD128
7 = RIPEMD160
Personally, I think the MD5 is fine as it's all cryptic anyway (not
meant to make sense to human readable form) and is only 16 bytes wide.
Really? Storage space is more important than security?
I would recommend bcrypt, simply because it's slow. As computers get
faster, a slow algorithm is preferable over a fast one.
Eh, you're right about space...it's not a consideration. Heck, put it
in 128-byte wide field for all I care...it's not like I'm going to have
gazillion users on this app. If I hit 1000, I'd be dancing.
However...none of those choices in Craig's HASH() function says bcrypt,
and I'd like to use his FLL since it's so convenient and easy to use.
Is bcrypt synonymous with one of those options? His documentation
didn't say. That wiki page I posted on rainbow tables mentioned it
along with MD5-crypt but since you commented on the MD5 choice as you
did, I figured it wasn't that one.
tia,
--Mike
_______________________________________________
Post Messages to: [email protected]
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message:
http://leafe.com/archives/byMID/profox/[email protected]
** All postings, unless explicitly stated otherwise, are the opinions of the
author, and do not constitute legal or medical advice. This statement is added
to the messages for those lawyers who are too stupid to see the obvious.
