Could you explain why there can only be 65128 different values? I still maintain that it would be extremely difficult to recover the password from the stored numerical value :-)
John Weller
01380 723235
07976 393631

> -----Original Message-----
> From: profoxtech-boun...@leafe.com [mailto:profoxtech-boun...@leafe.com] On Behalf
> Of Gérard Lochon
> Sent: 21 December 2011 23:01
> To: profoxt...@leafe.com
> Subject: Re: Alternatives to storing a user's password in your database
>
> From: "MB Software Solutions
>
> >>> I defy anyone to recover the password from the stored value :-).
> >>
> >>
> >> There is a big risk of collision using your method.
> >> As the result set is composed of only 65128 different values,
> >> it doesn't take a long time to input in the routine a string whose result
> >> will be the same value as the stored one ...
> >
> > Are you saying that two different values could end up with the same
> > resulting value from his algorithm?
>
> Exactly.
> You can enter 256**20 (1.461E+48) different strings, but only 65128
> checksums are possible with this algorithm.
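
The collision point raised in the quoted reply, as an added example that is not part of the original thread: a login check that compares only a value drawn from 65128 possibilities accepts some other string after a short search, without the password ever being recovered. The routine discussed in the thread is not shown on this page, so `toy_checksum` is a hypothetical stand-in (SHA-256 reduced modulo 65128), and the sample password and candidate strings are constructed.

```python
import hashlib
from itertools import count

OUTPUT_SPACE = 65128  # distinct stored values, the figure quoted in the thread


def toy_checksum(password: str) -> int:
    """Hypothetical stand-in routine: well mixed, but only OUTPUT_SPACE results."""
    digest = hashlib.sha256(password.encode("utf-8")).digest()
    return int.from_bytes(digest[:8], "big") % OUTPUT_SPACE


def login_accepts(stored: int, attempt: str) -> bool:
    """A login check that compares only the stored numerical value."""
    return toy_checksum(attempt) == stored


def find_equivalent_input(stored: int, real_password: str,
                          max_tries: int = 2_000_000):
    """Return (candidate, tries) for the first generated string, other than the
    real password, that the login check accepts; (None, max_tries) if none."""
    for tries in count(1):
        if tries > max_tries:
            return None, max_tries
        candidate = f"guess-{tries}"  # constructed candidates, no dictionary
        if candidate != real_password and login_accepts(stored, candidate):
            return candidate, tries


if __name__ == "__main__":
    real = "correct horse battery staple"  # constructed sample password
    stored = toy_checksum(real)
    candidate, tries = find_equivalent_input(stored, real)
    print(f"stored value      : {stored}")
    print(f"accepted stand-in : {candidate!r} after {tries} tries")
    print(f"possible stored values: {OUTPUT_SPACE}")
```

With a well-mixed routine the search needs about 65128 tries on average, regardless of how long or complex the real password is.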