Hello, I'm using a nice little GDBM file for authentication. It just stores users and passwords as SHA1 hashes. When I need to authenticate someone (fewer than 15 lines in the dbm file) I just tie it and compare the SHA'd user input against the hex value in the dbm file. (The file is not publicly readable.)
It has been suggested, however, that this is not adequately secure and that the passwords would be better stored crypted or some such. I don't really see the difference between a SHA password and a crypted password in this context. Wouldn't they be equally difficult to crack?

Oh, I should add that the authenticator runs as part of a server daemon on a remote system, and so authentication is performed as the same user each time.

Just wanted to collect some opinions before I go further. (I'm perfectly willing to accept the possibility I'm wrong--if I weren't I wouldn't ask--so fire away.)

Thanks,
John
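An added example, not part of the original message: it contrasts the bare SHA-1 entry described above with a salted, iterated entry, and shows what each reveals to someone who reads the file. PBKDF2 from Python's `hashlib` stands in here for a salted crypt-style hash; the dict (in place of the tied GDBM file), the user names, the passwords and the iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; tune for the server's hardware


def sha1_entry(password):
    """The scheme from the message: bare SHA-1 hex digest of the password."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_entry(password, salt=None):
    """Salted, iterated hash stored as 'iterations$salt_hex$digest_hex'."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_salted(password, entry):
    """Recompute with the stored salt and compare in constant time."""
    iterations, salt_hex, digest_hex = entry.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), digest_hex)


# Constructed sample users; this dict stands in for the tied GDBM file.
USERS = {"alice": "correct horse", "bob": "correct horse", "carol": "tr0ub4dor"}


def build(store_fn):
    """Build the stored table using the given hashing scheme."""
    return {user: store_fn(pw) for user, pw in USERS.items()}


def shared_password_groups(db):
    """Users whose stored values are identical, i.e. visibly share a password."""
    by_value = {}
    for user, value in db.items():
        by_value.setdefault(value, []).append(user)
    return sorted(sorted(group) for group in by_value.values() if len(group) > 1)


if __name__ == "__main__":
    print("bare SHA-1:", shared_password_groups(build(sha1_entry)))
    print("salted    :", shared_password_groups(build(salted_entry)))
```

With bare SHA-1 the same password always yields the same stored value, so one precomputed digest matches every account that uses it; the per-user salt removes that property and the iteration count raises the cost of each guess.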