Re: [WebDNA] Best practice re: password storage

This WebDNA talk-list message is from 2013. It keeps the original formatting.
numero = 110785
interpreted = N
texte =

Interesting guidelines here:

https://crackstation.net/hashing-security.htm

Regards

Stuart Tremain
IDFK Web Developments
AUSTRALIA
webdna@idfk.com.au

On 03/10/2013, at 10:19 AM, Bill DeVaul wrote:

> I agree that anything less than a salted hash is an enormous risk for a compromised password. I don't know why a system would need to decrypt a password except for a bad reason.
>
> Bill
>
> On Oct 2, 2013, at 6:06 PM, Donovan Brooke wrote:
>
>> Hi Tom, no time right now... but my .02¢ below:
>>
>> > can anyone tell me what algorithm is used?
>>
>> You could probably find this out... but it's against WSC's policy to talk about this publicly.
>>
>> > Also how are other people handling password storage?
>>
>> There is a school of thought that passwords should be a one-way only hash... which ideally, I agree.
>> [encrypt] without a seed value does indeed produce the same value.. but there is also [encrypt method=apop].. which is MD5... you could also use [Shell] to access higher-bit hash techniques.. but basically, they'd all work.
>>
>> It's the random-per-password salting that counts the most I think.
>>
>> Donovan
>>
>>> ---------------------------------------------------------
>>> This message is sent to you because you are subscribed to the mailing list <talk@webdna.us>.
>>> To unsubscribe, E-mail to: <talk-leave@webdna.us>
>>> archives: http://mail.webdna.us/list/talk@webdna.us
>>> Bug Reporting: support@webdna.us



Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Best practice re: password storage (Dan Strong 2013)
  2. Re: [WebDNA] Best practice re: password storage (Tom Duke 2013)
  3. Re: [WebDNA] Best practice re: password storage (Dan Strong 2013)
  4. Re: [WebDNA] Best practice re: password storage (WebDNA 2013)
  5. Re: [WebDNA] Best practice re: password storage (Dan Strong 2013)
  6. Re: [WebDNA] Best practice re: password storage (WebDNA 2013)
  7. Re: [WebDNA] Best practice re: password storage (Dan Strong 2013)
  8. Re: [WebDNA] Best practice re: password storage (Dan Strong 2013)
  9. Re: [WebDNA] Best practice re: password storage (WebDNA 2013)
  10. Re: [WebDNA] Best practice re: password storage (Bill DeVaul 2013)
  11. Re: [WebDNA] Best practice re: password storage (Donovan Brooke 2013)
  12. Re: [WebDNA] Best practice re: password storage (Stuart Tremain 2013)
  13. Re: [WebDNA] Best practice re: password storage (Tom Duke 2013)
  14. Re: [WebDNA] Best practice re: password storage (Stuart Tremain 2013)
  15. Re: [WebDNA] Best practice re: password storage (Tom Duke 2013)
  16. Re: [WebDNA] Best practice re: password storage (Dan Strong 2013)
  17. Re: [WebDNA] Best practice re: password storage (Dan Strong 2013)
  18. Re: [WebDNA] Best practice re: password storage (Stuart Tremain 2013)
  19. Re: [WebDNA] Best practice re: password storage (Tom Duke 2013)
  20. Re: [WebDNA] Best practice re: password storage (Dan Strong 2013)
  21. Re: [WebDNA] Best practice re: password storage (Stuart Tremain 2013)
  22. [WebDNA] Best practice re: password storage (Tom Duke 2013)