NetTalk Central

Author Topic: Hash of passwords  (Read 2659 times)

kingja

Hash of passwords
« on: September 05, 2012, 04:39:40 PM »
Bruce,

     In a recent Clarion Live webinar, you spoke of hashing passwords.  Is there an example app or other documentation on how to approach this?

Thanks,

Jeff King

Bruce

Re: Hash of passwords
« Reply #1 on: September 05, 2012, 11:20:12 PM »
Hi Jim,

The WebForums source code uses Cryptonite to do this. But in theory any hashing code would work.
I haven't yet done a NetTalk example though, using Cryptonite to show the actual code.

The basic process though is fairly simple.
a) store the password "hashed".
b) hash the incoming password
c) compare the hashes

Add to that the Salt, and the process becomes:
a) add a random salt to the password and store the salt by itself in one field, and a hash of the combined (salt + password) in the password field.
b) hash the salt + incoming password
c) compare the hashes.

The salt itself is not a secret - so it can be stored in a normal unencrypted field.

The purpose of the salt (short version) is to prevent two users in the system with the same password from having the same password hash.

cheers
Bruce
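
The salted store / hash / compare steps from the reply above, as an added example in Python; it is not code from this thread, from WebForums, or from Cryptonite. It swaps the single hash pass for PBKDF2-HMAC-SHA256 (a deliberately slow hash that takes the salt as a parameter) and compares in constant time. The field names, user names and iteration count are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor; tune for your hardware
SALT_BYTES = 16


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the value kept in the password field from salt + password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def create_user(users: dict, name: str, password: str) -> None:
    """Step (a): random salt in its own field, hash of salt + password in another."""
    salt = secrets.token_bytes(SALT_BYTES)
    users[name] = {"salt": salt, "pw_hash": hash_password(password, salt)}


def check_login(users: dict, name: str, password: str) -> bool:
    """Steps (b) and (c): hash the incoming password with the stored salt, compare."""
    record = users.get(name)
    if record is None:
        # Unknown user: do the same work so timing does not reveal which names exist.
        hash_password(password, b"\x00" * SALT_BYTES)
        return False
    candidate = hash_password(password, record["salt"])
    # Constant-time comparison of the two hashes.
    return hmac.compare_digest(candidate, record["pw_hash"])


def demo() -> dict:
    """Constructed in-memory stand-in for the user table."""
    users = {}
    create_user(users, "alice", "correct horse")
    create_user(users, "bob", "correct horse")  # same password as alice
    return users


if __name__ == "__main__":
    users = demo()
    print("alice, right password:", check_login(users, "alice", "correct horse"))
    print("alice, wrong password:", check_login(users, "alice", "wrong"))
    # Same password, different salts, so the stored hashes differ.
    print("hashes differ:", users["alice"]["pw_hash"] != users["bob"]["pw_hash"])
```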