On November 2, 2015 5:29:29 AM GMT+01:00, Ralf Quint <freedos...@gmail.com> 
wrote:

>The downside of that approach however is that it this opens up the 
>possibility to create a matching hash on "inappropriate" passwords (too
>
>short, easy to look up/guess) and hence get access...

And that's why we use cryptographically secure hash functions. This prevents 
the malicious attacker from creating a collision on purpose, and with a random 
collision at p = 1/2**128 you can practically ignore that possibility. It is 
more probable that the comparison function gets a zap from some cosmic ray and 
tells you a one for a zero.
_______________________________________________
fpc-pascal maillist  -  fpc-pascal@lists.freepascal.org
http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal

Reply via email to