Re: reveal password fix needed
From: Dave (Nobody_at_Nowhere.Com)
Date: 12/07/04
- Next message: Venedict: "Re: MDI Form and Command Line function"
- Previous message: J French: "Re: Database software without a database"
- In reply to: Bonj: "Re: reveal password fix needed"
- Next in thread: Galen Somerville: "Re: reveal password fix needed"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 7 Dec 2004 11:09:14 -0000
> Is there any point in a hash at all?
> If they can't reverse the hash to produce the original password, they
> could
> reverse the hash to something which would produce that hash again.
> Couldn't
> they? Wouldn't that be good enough?
Er, how?
Reversing the hash to provide a equivilent initial code is (if the hash is
well designed) beyond the means of anybody not degree level trained in
cryptology, you could try brute force, but that would work against any
password. I disable the program for 5 minutes after 3 bad passwords which
would make brute force out of the question. (I also note the attempt in an
audit trail but that is a different story)
If you think the hash is too weak, then do 2 different hashes and either
join or interlace the two, then an interloper would have to find a reverse
which would work for both hashes simultaneously - probably not possible.
I do a simple hash based on the ascii values and the position of each
character, my way of making it hard to reverse is to throw away most of the
significant figures, I get a 10 digit number which I think would be hard to
crack.
If you are still worried about the mask, don't bother with it, actually show
blobs or asterisks and redirect keyboard entry to a string and do all the
hard stuff in code.
Dave.
- Next message: Venedict: "Re: MDI Form and Command Line function"
- Previous message: J French: "Re: Database software without a database"
- In reply to: Bonj: "Re: reveal password fix needed"
- Next in thread: Galen Somerville: "Re: reveal password fix needed"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
