Re: Hash MD5, Sha1 and Length
- From: rossum <rossum48@xxxxxxxxxxxx>
- Date: Thu, 17 Sep 2009 15:30:52 +0100
On Thu, 17 Sep 2009 04:32:37 -0700 (PDT), shapper <mdmoura@xxxxxxxxx>
wrote:
On Sep 16, 8:19 pm, rossum <rossu...@xxxxxxxxxxxx> wrote:Yes, a password has no spaces while a passphrase may do so.
Password lengths should be specified in either company policy or user
instructions. Six or eight characters is a minimum with a maximum of
fifteen or twenty for passwords or 100 for passphrases. You may also
want to enforce the use of mixed case, digits and non-alphanum
characters.
When you say passphrases you mean that when using passwords a space
shouldn't be allowed?
Passphrases are usually longer, which should make them more secure.
I am just wondering if I should include that in validation of theIf there are rules for a correctly formed password/phrase then those
form.
rules should be enforced.
rossum
I do think that you should stay with a fixed length salt. If not then
the minumum length is 8 bytes (64 bits) and the maximum 32 bytes (256
bits)
Yes yes I will keep salt a fixed length. I was just wondering the
minimum and maximum size of passwords and salt also to be able to
define a proper length on the SQL table columns.
Thank You,
Miguel
.
- Follow-Ups:
- Re: Hash MD5, Sha1 and Length
- From: Scott Seligman
- Re: Hash MD5, Sha1 and Length
- References:
- Re: Hash MD5, Sha1 and Length
- From: shapper
- Re: Hash MD5, Sha1 and Length
- From: rossum
- Re: Hash MD5, Sha1 and Length
- From: Peter Duniho
- Re: Hash MD5, Sha1 and Length
- From: shapper
- Re: Hash MD5, Sha1 and Length
- From: rossum
- Re: Hash MD5, Sha1 and Length
- From: shapper
- Re: Hash MD5, Sha1 and Length
- From: rossum
- Re: Hash MD5, Sha1 and Length
- From: shapper
- Re: Hash MD5, Sha1 and Length
- Prev by Date: Re: How to hide .net tab control's page headers
- Next by Date: Re: Image.FromFile - Locks File
- Previous by thread: Re: Hash MD5, Sha1 and Length
- Next by thread: Re: Hash MD5, Sha1 and Length
- Index(es):
Relevant Pages
|
