> That is why the hashcode algorithm being used should be kept secret, and
> access to the hashcodes for accounts should be limited.
On Wed, 25 Apr 2007, Joachim Thiemann wrote:
Uh-oh. I think you forgot to add a smiley there... or quotes, to indicate sarcasm
(If you didn't: this is a major security no-no! Keeping the
encryption algorithm secret is NEVER a good idea - didn't work for the
Germans, never worked for anybody. There are many many books on the
topic that will explain better than I can in this list about why this
is the case.)
It's only good as a short-term measure. The Navajo code-talkers weren't
cracked, but given sufficient additional time, the Japanese would have
been able to. And a single POW could have compromised it totally.