Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: How should passwords be stored in a database?

Re: How should passwords be stored in a database?

From: <lbudney-usenet_at_nb.net>
Date: 02 Sep 2001 14:06:15 -0400
Message-ID: <m3elpp5uy0.fsf@peregrine.swoop.local> 





Bernd Eckenfels <ecki_at_lina.inka.de> writes:


> In comp.security.unix lbudney-usenet_at_nb.net wrote:


>> That's incorrect. See <http://www-cs-students.stanford.edu/~tjw/srp/>.




> 

> The problem here is, that SRPs "non-plaintext-equivalent" does not work

> for other protocols, which are most likely to be used (also those are

> much wealer they are much wider implemented (CHAP, APOP, ..)




Since the original question was about how to store passwords, apparently
the poster has a choice. In that case, plaintext passwords should NEVER
be stored. If the protocol mandates it, then a different protocol should
be chosen.



--Len.


-- 
Frugal Tip #26:
Hang around with that Donald Trump guy for a while. He's probably good
for a couple of ideas.


Received on Sun Sep 02 2001 - 13:06:15 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US