>>>The hashing is really simple. You can do a test of concept using your user name and applying an MD5 checksum, then you save this MD5 checksum in a variable.
>>>Next time you enter a user name and obtain the MD5 checksum, you compare this checksum with the saved one. If they are equal, the password (whatever it is) is correct, otherwise it is not.
>>
>>A bit oversimplified ;-)
>>
>>If the checksum is not identical, pwd is proven to be incorrect. There is a minimal chance that a hash collision happens - meaning a different source will generate the same hash result, resulting in allowing some incorrect pwds. But the risk of storing pwd in clear is supposed to be greater than the risk of hash collisions with good hash functions.
>
>Yeah, I know :) But didn't want to overwhelm him with hash collisions because it is statistically low the case in which that can happen, and didn't add much clearance on the matter.
>
>Salt values are used to lower this occurrence even more.
Dmitry proves he is smarter than both of us by asking more questions than we combined ;-)
He teaches others to think the problem through himself before asking and to formulate the current problem succinctly, even citing steps already done where necessary/helpful.
And I would dislike for him to be grilled in a meeting because he just says what he was answered here in not enough detail.