How to save passwords more secure?!

Casey Harkins caseyharkins at gmail.com
Sun Jun 22 00:42:31 EDT 2008


On Sun, 2008-06-22 at 02:45 +0200, skyout at wired-security.net wrote:
> So my question is: Isn't there a more secure and better way to save passwords

As Hylke already responded with a link to the relevant wiki page, I
assume this and most of your other points were addressed.

> 
> Just a suggestion: Would it work to make something like a hash algorithm
> (maybe use an existing like SHA-512)

I just wanted to point out that hashing is not really an option. The
servers we authenticate with need the real password, not a hash. Since
hashing is one-way, we wouldn't be able to authenticate with only a
hash. If servers accepted a hash, then we're back to square one as the
hash could be pulled from the file and sent directly to the
server. (This should probably get added to the wiki page too as I think
it's come up a few times.)


-casey
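
The two cases from the message above, as an added example that is not part of the original thread or the project's code: a client that keeps only a SHA-512 hash cannot log in to a server that wants the real password, and a server that did accept the hash would make the stored hash equivalent to the password. The two server classes, the password and `run_demo` are hypothetical and constructed for illustration.

```python
import hashlib
import hmac


def sha512_hex(password: str) -> str:
    """Hash a password the way the quoted suggestion proposes (plain SHA-512)."""
    return hashlib.sha512(password.encode("utf-8")).hexdigest()


class PlaintextServer:
    """Hypothetical server that needs the real password, as the message describes."""

    def __init__(self, password: str) -> None:
        self._password = password.encode("utf-8")

    def login(self, credential: str) -> bool:
        return hmac.compare_digest(credential.encode("utf-8"), self._password)


class HashAcceptingServer:
    """Hypothetical server that accepts SHA-512(password) as the credential."""

    def __init__(self, password: str) -> None:
        self._digest = sha512_hex(password).encode("ascii")

    def login(self, credential: str) -> bool:
        return hmac.compare_digest(credential.encode("utf-8"), self._digest)


def run_demo() -> dict:
    password = "correct horse battery staple"  # constructed sample value
    stored = sha512_hex(password)  # what a hash-only client would keep on disk

    return {
        # Case 1: the server wants the real password; the one-way hash is useless.
        "plaintext_server_with_password": PlaintextServer(password).login(password),
        "plaintext_server_with_stored_hash": PlaintextServer(password).login(stored),
        # Case 2: the server accepts the hash, so whoever reads the file can
        # log in with it directly. The hash has become the password.
        "hash_server_with_stored_hash": HashAcceptingServer(password).login(stored),
    }


if __name__ == "__main__":
    for case, ok in run_demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```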





