On Tue, 27 Oct 2015, David W Noon wrote:

On Mon, 26 Oct 2015 22:02:23 -0400, Wkitty42 (wkitt...@windstream.net)
wrote about "Re: [fpc-pascal] is scrypt available?" (in
<562edb2f.4080...@windstream.net>):

On 10/26/2015 06:28 PM, David W Noon wrote:
[snip]
I use PostgreSQL, which offers MD5 hashing of passwords as a
built-in, without me adding any of my own (or anybody else's)
code to perform hashing.

sadly MD5 has been being cracked in little time for over a
decade... that's why we're looking at other means...

Well, we can start here:

<https://en.wikipedia.org/wiki/Secure_Hash_Algorithm>

I also own a couple of books by Bruce Schneier, the doyen of cryptography.

More recently, there is RFC 6234. This was published in 2011 and its
hashes are considered secure at the moment.

<https://tools.ietf.org/html/rfc6234>

bcrypt came up first in the search and then scrypt was pointed
out along with bcrypt's failings... the question now is being
able/willing to use someone else's code or to reinvent the wheel...
if it were me, i'd use the other code if its license fits the app
in question...

I could code up almost any of these algorithms you want. I have
reference implementations under Linux to test the validity of my code.
I would make any such code available under the Berkeley License (or
GPL v3). Indeed, I would make the source code available to all FPC
users if there is interest in hashing here.

There always is, I think.

From my point of view: when coding internet-connected applications,
you often meet all kinds of hashing algorithms.

Michael.
_______________________________________________
fpc-pascal maillist  -  fpc-pascal@lists.freepascal.org
http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
