---------------------------------------------------------This message is sent to you because you are subscribed tothe mailing listI agree that anything less than =a salted hash is an enormous risk for a compromised password. I =don't know why a system would need to decrypt a password except for a =bad reason.BillHi Tom, no time right now... but my .02=A2 =below:> can anyone tell me what algorithm is =used?
You could probably find this out... but it's against =WSC's policy to talk about this publicly. => Also how are other people handing =password storage?
There is a school of thought that passwords =should be a one-way only hash... which ideally, I agree.
[encrypt] =without a seed value does indeed produce the same value.. but there is =also [encrypt method=3Dapop].. which is MD5... you could also use =[Shell] to access higher-bit hash techniques.. but basically, they'd all =work.
It's the random-per-password salting that counts the =most I think.
Donovan=--------------------------------------------------------- =This message is sent to you because you are subscribed to the mailing =list <talk@webdna.us>. To =unsubscribe, E-mail to: <talk-leave@webdna.us>archives:= http://mail.webdna.us/l=ist/talk@webdna.us Bug Reporting: support@webdna.us =
---------------------------------------------------------This message is sent to you because you are subscribed tothe mailing list.To unsubscribe, E-mail to: archives: http://mail.webdna.us/l=ist/talk@webdna.usBug Reporting: support@webdna.us .To unsubscribe, E-mail to: archives: http://mail.webdna.us/l=ist/talk@webdna.usBug Reporting: support@webdna.us
---------------------------------------------------------This message is sent to you because you are subscribed tothe mailing listI agree that anything less than =a salted hash is an enormous risk for a compromised password. I =don't know why a system would need to decrypt a password except for a =bad reason.BillHi Tom, no time right now... but my .02=A2 =below:> can anyone tell me what algorithm is =used?
You could probably find this out... but it's against =WSC's policy to talk about this publicly. => Also how are other people handing =password storage?
There is a school of thought that passwords =should be a one-way only hash... which ideally, I agree.
[encrypt] =without a seed value does indeed produce the same value.. but there is =also [encrypt method=3Dapop].. which is MD5... you could also use =[shell] to access higher-bit hash techniques.. but basically, they'd all =work.
It's the random-per-password salting that counts the =most I think.
Donovan=--------------------------------------------------------- =This message is sent to you because you are subscribed to the mailing =list <talk@webdna.us>. To =unsubscribe, E-mail to: <talk-leave@webdna.us>archives:= http://mail.webdna.us/l=ist/talk@webdna.us Bug Reporting: support@webdna.us =
---------------------------------------------------------This message is sent to you because you are subscribed tothe mailing list.To unsubscribe, E-mail to: archives: http://mail.webdna.us/l=ist/talk@webdna.usBug Reporting: support@webdna.us .To unsubscribe, E-mail to: archives: http://mail.webdna.us/l=ist/talk@webdna.usBug Reporting: support@webdna.us
DOWNLOAD WEBDNA NOW!
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...