From: Florian Weimer <fw@s.netic.de>
Subject: Re: Saving and Encoding Passwords
Date: 1999/11/26
Date: 1999-11-26T21:48:59+00:00 [thread overview]
Message-ID: <87u2m8exf8.fsf@deneb.cygnus.argh.org> (raw)
In-Reply-To: 38315e1a.0@silver.truman.edu
joshhighley@hotmail.com (Josh Highley) writes:
> I'm writing an Ada program that checks email accounts. I'm
> storing the user name, password, and other info in a text file that
> my program references on startup.
Do you need the passwords themselves, or do you want to check whether
the password entered by the user is correct? In the latter case, you
should not store the password itself, but a cryptographic hash of it.
It is considered close to impossible to recover the password from
the hash value if the cryptographic hash function is one of the most
commonly used and thoroughly analyzed (i.e. MD5 or SHA-1).
If your program needs the passwords themselves (for example, to
authenticate itself with a POP mail server) and you don't want any user
interaction, you can't get much security, because your software must
be able to decrypt the passwords -- and so is a possible attacker.
next prev parent reply other threads:[~1999-11-26 0:00 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
1999-11-16 0:00 Saving and Encoding Passwords Josh Highley
1999-11-17 0:00 ` Gisle S�lensminde
1999-11-17 0:00 ` Ted Dennison
1999-11-17 0:00 ` Josh Highley
1999-11-26 0:00 ` Florian Weimer [this message]
1999-11-27 0:00 ` Larry Kilgallen
1999-11-28 0:00 ` Florian Weimer
1999-11-28 0:00 ` Larry Kilgallen
1999-11-29 0:00 ` Samuel T. Harris
1999-12-01 0:00 ` Robert I. Eachus
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox