[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SScrypto framework

Subject: Re: SScrypto framework
From: Jens Alfke <email@hidden>
Date: Wed, 13 Feb 2008 09:56:17 -0800
Delivered-to: email@hidden
Delivered-to: email@hidden


On 13 Feb '08, at 9:09 AM, Stephen Hoffman wrote:

Safest is to not store the password. At all.
Second safest is to store a one-way (non-reversible, cryptographic) hash (digest). SHA-1 or otherwise, and with associated data (the user and some other known but varying data) incorporated into the input to reduce the exposure to rainbow table attacks.

That's a good answer for a server app, that needs to authenticate users. But I was assuming this code was part of a client app, doing something like saving the user's login password to avoid asking for it every time. In which case the Keychain is the right solution.

—Jens_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/cocoa-dev/email@hidden

This email sent to email@hidden

Follow-Ups:
- Re: SScrypto framework
  - From: Wade Tregaskis <email@hidden>

References:
	>Re: SScrypto framework (From: Stephen Hoffman <email@hidden>)

Prev by Date: Re: Core Data: unidirectional relationships
Next by Date: Re: Changing up/down arrow behavior for NSTextField
Previous by thread: Re: SScrypto framework
Next by thread: Re: SScrypto framework
Index(es):
- Date
- Thread

Home