On Tue, 27 Oct 2015, David W Noon wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon, 26 Oct 2015 22:02:23 -0400, Wkitty42 (wkitt...@windstream.net)
wrote about "Re: [fpc-pascal] is scrypt available?" (in
<562edb2f.4080...@windstream.net>):
On 10/26/2015 06:28 PM, David W Noon wrote:
[snip]
I use PostgreSQL, which offers MD5 hashing of passwords as a
built-in, without me adding any of my own (or anybody else's)
code to perform hashing.
sadly MD5 have been being cracked in little time for over a
decade... that's why we're looking at other means...
Well, we can start here:
<https://en.wikipedia.org/wiki/Secure_Hash_Algorithm>
I also own a couple of books by Bruce Schneier, the doyen of cryptography.
More recently, there is RFC 6234. This was published in 2011 and its
hashes are considered secure at the moment.
<https://tools.ietf.org/html/rfc6234>
bcrypt came up first in the searched and then scrypt was pointed
out along with bcrypt's failings... the question now is being
able/willing to use someone else's code or to reinvent the wheel...
if it were me, i'd use the other code if its license fits the app
in question...
I could code up almost any of these algorithms you want. I have
reference implementations under Linux to test the validity of my code.
I would make any such code available under the Berkeley License (or
GPL v3). Indeed, I would make the source code available to all FPC
users if there is interest in hashing here.
There always is, I think.
From my point of view: when coding internet-connected applications,
you often meet all kinds of hashing algorithms.
Michael.
_______________________________________________
fpc-pascal maillist - fpc-pascal@lists.freepascal.org
http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal