-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 26 Oct 2015 22:02:23 -0400, Wkitty42 (wkitt...@windstream.net) wrote about "Re: [fpc-pascal] is scrypt available?" (in <562edb2f.4080...@windstream.net>):
> On 10/26/2015 06:28 PM, David W Noon wrote: [snip] >> I use PostgreSQL, which offers MD5 hashing of passwords as a >> built-in, without me adding any of my own (or anybody else's) >> code to perform hashing. > > sadly MD5 have been being cracked in little time for over a > decade... that's why we're looking at other means... Well, we can start here: <https://en.wikipedia.org/wiki/Secure_Hash_Algorithm> I also own a couple of books by Bruce Schneier, the doyen of cryptography. More recently, there is RFC 6234. This was published in 2011 and its hashes are considered secure at the moment. <https://tools.ietf.org/html/rfc6234> > bcrypt came up first in the searched and then scrypt was pointed > out along with bcrypt's failings... the question now is being > able/willing to use someone else's code or to reinvent the wheel... > if it were me, i'd use the other code if its license fits the app > in question... I could code up almost any of these algorithms you want. I have reference implementations under Linux to test the validity of my code. I would make any such code available under the Berkeley License (or GPL v3). Indeed, I would make the source code available to all FPC users if there is interest in hashing here. - -- Regards, Dave [RLU #314465] *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* david.w.n...@googlemail.com (David W Noon) *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlYvuqwACgkQogYgcI4W/5QTEACeIgNf72/m5i1d4XY4RkMbN0UR QocAnRBkqsYbQR7e7LGDOFK/ZVkG6/G7 =qaUT -----END PGP SIGNATURE----- _______________________________________________ fpc-pascal maillist - fpc-pascal@lists.freepascal.org http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
