25 Apr
2007
25 Apr
'07
1:15 p.m.
On 25/04/07, Fred Cisin <cisin at xenosoft.com> wrote:
That is why the hashcode algorithm being used should
be kept secret, and
access to the hashcodes for accounts shuld be limited.
Uh-oh. I think you forgot to add a smiley there...
(If you didn't: this is a major security no-no! Keeping the
encryption algorithm secret is NEVER a good idea - didn't work for the
germans, never worked for anybody. There are many many books on the
topic that will explain better than I can in this list about why this
is the case.)
Joe.