Anyway, hashing isn't the be-all and end-all. Its a real good start, but you can do better. Check this out:
http://msdn.microsoft.com/msdnmag/issues/03/08/SecurityBriefs/
CF produces a one-way md5 hash with the hash() function.
The AccessMonger system presently hashes passwords. Literally right now I'm working on a revision that will salt them as well. It should be available on the DevEx by this evening.
There is more you can do, like run the pwd thru a filter to ensure there are numeric values in the word, then strip out the numeric values and run the surviving chars thru a dictionary filter.
--
-------------------------------------------
Matt Robertson, [EMAIL PROTECTED]
MSB Designs, Inc. http://mysecretbase.com
-------------------------------------------
--
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]