[one-users] ONE_AUTH file encryption
David O'Callaghan
david.ocallaghan at cs.tcd.ie
Wed Feb 17 08:44:37 PST 2010
Hi,
On 17/02/10 10:04, Jeroen Nijhof wrote:
> Just an idea but why not using the sha1 encrypted string in the ONE_AUTH
> file?
[...]
> I can supply a patch for implementing this but I need to know if it's a
> good idea...
I'm jumping into a conversation which I haven't been following closely,
so sorry if I'm missing something, but
http://codahale.com/how-to-safely-store-a-password/ explains why SHA1 et
al. are not suitable for storing password hashes.
However, if this is for compatibility with existing services, etc. then
I guess it's too late!
Kind regards,
David
--
Ánra Taighde - Scoil na hEolaíochta Ríomhaireachta ⁊ na Staitisticí,
Coláiste na Tríonóide, Baile Átha Cliath 2
Research Fellow - School of Computer Science & Statistics,
Trinity College, Dublin 2 Guthán / Telephone: +353 1 896 1536
More information about the Users
mailing list