[Chugalug] Why you don't store passwords, explained

Stephen Kraus ub3ratl4sf00 at gmail.com
Tue Nov 5 23:07:36 UTC 2013


Ok, thanks for correcting me Dave.

The more I know!
On Nov 5, 2013 6:06 PM, "Dave Brockman" <dave at brockmans.com> wrote:

> On 11/5/2013 5:29 PM, Stephen Kraus wrote:
> > Let me clarify: the hashes are associated with the separate
> > usernames and passwords on a separate database
>
> No, at no point does my password need to be in ANY database.  The
> appliation needs to know how to recreate the hash, salt to taste, and
> compare that to what is stored in its tables.  If they match, you are
> good.  If they do not, you entered the wrong password.
>
> Regards,
>
> dtb
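The check described in the quoted reply, as an added example that is not part of the original thread: the table holds only a per-user salt and the derived hash, and login recreates the hash from the submitted password and compares. PBKDF2-HMAC-SHA256, the iteration count, and the dict standing in for the application's table are assumptions of this example.

```python
import hashlib
import hmac
import os

ALGO = "sha256"
ITERATIONS = 200_000   # assumed work factor for this example; tune per hardware
SALT_BYTES = 16

def derive(password, salt, iterations=ITERATIONS):
    """Recreate the hash from a submitted password and the stored salt."""
    return hashlib.pbkdf2_hmac(ALGO, password.encode("utf-8"), salt, iterations)

def enroll(table, username, password):
    """Store salt, iteration count and derived hash; the password is discarded."""
    salt = os.urandom(SALT_BYTES)
    table[username] = {
        "salt": salt.hex(),
        "iterations": ITERATIONS,
        "hash": derive(password, salt).hex(),
    }

# Dummy row so an unknown username costs the same work as a known one.
_DUMMY = {"salt": "00" * SALT_BYTES, "iterations": ITERATIONS, "hash": "00" * 32}

def verify(table, username, password):
    """Recompute with the stored salt and compare in constant time."""
    row = table.get(username, _DUMMY)
    candidate = derive(password, bytes.fromhex(row["salt"]), row["iterations"])
    matches = hmac.compare_digest(candidate, bytes.fromhex(row["hash"]))
    return matches and username in table

def demo():
    users = {}  # constructed stand-in for the application's users table
    # Two accounts with the same password get different salts and hashes.
    enroll(users, "alice", "correct horse battery staple")
    enroll(users, "bob", "correct horse battery staple")
    return users

if __name__ == "__main__":
    users = demo()
    for name, row in users.items():
        print(name, row["salt"], row["hash"])
    print(verify(users, "alice", "correct horse battery staple"))
    print(verify(users, "alice", "wrong guess"))
```
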


More information about the Chugalug mailing list