Lists

Terms and Conditions
Lists hosted on this site
Email the Postmaster
Tips for posting to public mailing lists

Re: SScrypto framework

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SScrypto framework

Subject: Re: SScrypto framework
From: Jens Alfke <email@hidden>
Date: Wed, 13 Feb 2008 09:56:17 -0800


On 13 Feb '08, at 9:09 AM, Stephen Hoffman wrote:

Safest is to not store the password. At all.
Second safest is to store a one-way (non-reversible, cryptographic) hash (digest). SHA-1 or otherwise, and with associated data (the user and some other known but varying data) incorporated into the input to reduce the exposure to rainbow table attacks.

That's a good answer for a server app, that needs to authenticate users. But I was assuming this code was part of a client app, doing something like saving the user's login password to avoid asking for it every time. In which case the Keychain is the right solution.

—Jens_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden


Follow-Ups:

Re: SScrypto framework
From: Wade Tregaskis <email@hidden>


References:  
  >Re: SScrypto framework (From: Stephen Hoffman <email@hidden>)




Prev by Date:
Re: Core Data: unidirectional relationships

Next by Date:
Re: Changing up/down arrow behavior for NSTextField

Previous by thread:
Re: SScrypto framework

Next by thread:
Re: SScrypto framework

Index(es):

Date
Thread