You encrypt the trial password and compare the encrypted values. Bill William Prothero http://ed.earthednet.org
> On Mar 7, 2017, at 3:28 PM, Bob Sneidar via use-livecode > <use-livecode@lists.runrev.com> wrote: > > Thanks Peter. But then how will I know programmatically if the password is > correct or not? > > Bob S > > >> On Mar 6, 2017, at 02:53 , Peter TB Brett via use-livecode >> <use-livecode@lists.runrev.com> wrote: >> >> >> >>> On 03/03/2017 18:00, Bob Sneidar via use-livecode wrote: >>> It looks like the encrypt command is already using this method if >>> the "with salt" arguement is provided? At least the encrypted result >>> starts with "salted" and at least part of the salt value. >>> >> >> Hi Bob, >> >> The "encrypt" command provides symmetric cryptographic functions, i.e. >> you can decrypt the result again to get the cleartext back. This is _not_ a >> desirable property for a password storage system; you should always use >> one-way (asymmetric) functions, such as a cryptographic hash. >> >> Peter >> >> -- >> Dr Peter Brett <peter.br...@livecode.com> > > > _______________________________________________ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your subscription > preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode