[Gambas-user] Setting up passwords for program users
richard terry
rterry at ...1822...
Wed Jul 9 00:47:17 CEST 2008
On Wed, 9 Jul 2008 08:27:38 am Leonardo Miliani wrote:
> richard terry wrote:
> > I wondered if anyone had experience/code/examples of how to create/save
> > encrypted passwords in a database?
> >
> > Thanks in advance.
> >
> > Richard
Thanks,
I searched the web ++ before a C++ programming mate of mine said "check your
language, they all come with encryption stuff", so I noticed gb.crypt which
says:
Crypt.MD5 (gb.crypt)
Syntax
STATIC FUNCTION MD5 ( Password AS String [ , Prefix AS String ] ) AS String
Crypts the string Password with the MD5 algorithm by using Prefix as prefix.
Prefix must have a size of 8 characters, among:
0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./
If Prefix is not specified, it is randomized.
So I'd assume I could use this, with your logic below as the implementation?
Thanks for your info.
>
> The only and secure way to store a password in a file/db is to use a
> hash algorithm and store only the hash of your password.
> I used SHA256 and/or MD5 (I prefer the first one, more robust).
> So:
>
> 1) ask your user to enter a password
> 2) create the hash of that password with SHA or MD5
> 3) store the hash
> 4) when the user logs in again, you compare the hash of the entered
> password with the hash of the stored one: if they are identical, the
> user has entered the original password
>
> Why use a hash? Because a hash is a cryptographic function that
> generates a check sum from which it is (or it should be) impossible to
> calculate the data that generated it.
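
The four steps in the quoted reply, as an added example that is not part of the original thread and is written in Python rather than Gambas. It swaps the single MD5/SHA256 pass for salted PBKDF2-HMAC-SHA256 from the standard library, with a random 8-character salt drawn from the same alphabet as the Crypt.MD5 Prefix; the function names, record format and iteration count are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Same 64-character alphabet the gb.crypt documentation lists for Prefix.
SALT_ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./"
SALT_LEN = 8            # same length as the Crypt.MD5 prefix
ITERATIONS = 600_000    # assumed work factor; tune for your hardware
SCHEME = "pbkdf2-sha256"  # assumed label, so records can be migrated later


def _derive(password: str, salt: str, iterations: int) -> str:
    """Salted, iterated hash of the password, hex-encoded."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              salt.encode("utf-8"), iterations)
    return raw.hex()


def make_record(password: str, salt: Optional[str] = None) -> str:
    """Steps 1-3: build the string to store; the plain password is never kept."""
    if salt is None:
        salt = "".join(secrets.choice(SALT_ALPHABET) for _ in range(SALT_LEN))
    digest = _derive(password, salt, ITERATIONS)
    # '$' cannot occur in the salt alphabet or in hex, so it is a safe separator.
    return f"{SCHEME}${ITERATIONS}${salt}${digest}"


def check_password(candidate: str, record: str) -> bool:
    """Step 4: re-derive with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt, stored = record.split("$")
        rounds = int(iterations)
    except ValueError:
        return False  # malformed or truncated record never authenticates
    if scheme != SCHEME or rounds < 1:
        return False
    computed = _derive(candidate, salt, rounds)
    return hmac.compare_digest(computed.encode("utf-8"), stored.encode("utf-8"))
```

Because the salt is random per user, two users with the same password get different stored strings, so one precomputed table cannot be reused across the whole users table.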