Mark Rogaski on Fri, 15 Dec 2000 17:22:40 -0500 (EST)
An entity claiming to be Alex Barylo (hash1024@yahoo.com) wrote:
: >
: > Then when the user enters their password, you scramble
: > it the same way
: > and see if the two scrambled versions match.
:
: I know, I know... That's the way I'd love it to be set
: up. But I'm *REQUIRED* to store them :(
:

Then just store them plaintext.

If you want to be able to recover the information, then the key needs to be stored on the system and needs to be just as accessible as the ciphered password. So, anyone who is clever enough to view the passwords is clever enough to view the key.

Or, if you are relying on the fact that a possible attacker won't be able to guess where the key is, then you are relying on security through obscurity. In this case, the encryption doesn't really matter much.

Mark

--
Mark Rogaski                   | "I've said this before but I'll say it again:
wendigo@pobox.com              | Smashing Pumpkins IS REO Speedwagon."
http://www.pobox.com/~wendigo  | -- Steve Albini
__END__                        |

Attachment: pgpxDAV0dbTCM.pgp
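The contrast drawn in this message, as an added example that is not part of the original post: a reversible store whose key sits beside the ciphertext, next to the "scramble and compare" approach from the quoted text. All function and field names are hypothetical, the stream cipher is a toy stand-in for any reversible cipher, and salted PBKDF2 is an assumed choice for the one-way scramble.

```python
import hashlib
import hmac
import os

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy SHA-256 counter-mode stream cipher: a stand-in for any reversible
    # cipher, not something to deploy. The same call encrypts and decrypts.
    stream = b"".join(
        hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        for i in range(len(data) // 32 + 1)
    )
    return bytes(a ^ b for a, b in zip(data, stream))

def store_reversible(password: str) -> dict:
    # The application has to decrypt on demand, so the key sits on the same
    # system, readable by the same process that reads the ciphertext.
    key, nonce = os.urandom(32), os.urandom(16)
    return {"key": key, "nonce": nonce,
            "ct": xor_stream(key, nonce, password.encode())}

def recover(record: dict) -> str:
    # Anyone who can read the record can repeat the application's own step.
    return xor_stream(record["key"], record["nonce"], record["ct"]).decode()

def store_hashed(password: str) -> dict:
    # One-way "scramble": salted PBKDF2; nothing stored can be decrypted.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return {"salt": salt, "digest": digest}

def verify(record: dict, attempt: str) -> bool:
    # Scramble the attempt the same way and compare in constant time.
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(), record["salt"], 200_000)
    return hmac.compare_digest(digest, record["digest"])

if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    print("reversible store yields:", recover(store_reversible(pw)))
    rec = store_hashed(pw)
    print("hash verify right/wrong:", verify(rec, pw), verify(rec, "guess"))
```
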