From: Florian Weimer
Subject: Re: Saving and Encoding Passwords
Date: 1999/11/26
Message-ID: <87u2m8exf8.fsf@deneb.cygnus.argh.org>
References: <38315e1a.0@silver.truman.edu>
Newsgroups: comp.lang.ada

joshhighley@hotmail.com (Josh Highley) writes:

> I'm writing an Ada program that checks email accounts. I'm
> storing the user name, password, and other info in a text file that
> my program references on startup.

Do you need the passwords themselves, or do you want to check whether
the password entered by the user is correct? In the latter case, you
should not store the password itself, but a cryptographic hash of it.
It is considered close to impossible to recover the password from the
hash value if the cryptographic hash function is one of the most
commonly used and thoroughly analyzed (i.e. MD5 or SHA-1).

If your program needs the passwords themselves (for example, to
authenticate itself with a POP mail server) and you don't want any user
interaction, you can't get much security, because your software must be
able to decrypt the passwords -- and so is a possible attacker.
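
The store-a-hash-and-compare approach described above, as an added example that is not part of the original post. It is written in Python rather than Ada, and it goes beyond the post by using a per-user salt and iterated PBKDF2-HMAC-SHA256 instead of a single MD5 or SHA-1 pass; the `user:iterations:salt:hash` line format and all function names are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; tune to the host


def make_record(user, password, salt=None):
    """Return one text-file line: user:iterations:salt_hex:hash_hex."""
    if ":" in user or "\n" in user:
        raise ValueError("user name must not contain ':' or a newline")
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{user}:{ITERATIONS}:{salt.hex()}:{digest.hex()}"


def parse_records(text):
    """Parse the credentials file, skipping blank or malformed lines."""
    records = {}
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) != 4:
            continue
        user, iters, salt_hex, hash_hex = parts
        try:
            entry = (int(iters), bytes.fromhex(salt_hex), bytes.fromhex(hash_hex))
        except ValueError:
            continue
        if entry[0] >= 1:
            records[user] = entry
    return records


# Placeholder entry so an unknown user costs the same work as a known one.
_DUMMY = (ITERATIONS, bytes(16), bytes(32))


def verify(records, user, password):
    """Check an entered password against the stored salted hash."""
    iters, salt, stored = records.get(user, _DUMMY)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iters)
    # Constant-time comparison; the password itself is never stored.
    return hmac.compare_digest(candidate, stored) and user in records


if __name__ == "__main__":
    # Constructed sample account, not taken from the thread.
    store = parse_records(make_record("alice", "correct horse"))
    print(verify(store, "alice", "correct horse"), verify(store, "alice", "guess"))
```

This covers only the check-the-entered-password case; it does not help when the program must present the real password to a mail server, which is the second case in the post.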