Re: How to validate passwords without storing them anywhere. -- MIDRANGE-L

× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.

Subject: Re: How to validate passwords without storing them anywhere.
From: Nathan Andelin <nandelin@xxxxxxxxx>
Date: Wed, 17 Mar 2021 13:43:27 -0600
List-archive: <https://archive.midrange.com/midrange-l/>
List-post: <mailto:midrange-l@lists.midrange.com>
List-subscribe: <https://lists.midrange.com/mailman/listinfo/midrange-l>, <mailto:midrange-l-request@lists.midrange.com?subject=subscribe>
List-unsubscribe: <https://lists.midrange.com/mailman/options/midrange-l>, <mailto:midrange-l-request@lists.midrange.com?subject=unsubscribe>

On Wed, Mar 17, 2021 at 1:16 PM Rob Berendt <rob@xxxxxxxxx> wrote:

Basically is there any difference in a brute force attack between the sql
encryption and the other methods?

Perhaps that the attacker has access to an SQL interface either at their
own location or yours in which to test their attack. For example, what if
they copy the security table to their location and hammer away at it using
SQL?

Whereas maybe another method might be a licensed encryption program that
can't be invoked from SQL?

As an Amazon Associate we earn from qualifying purchases.

Follow-Ups:

RE: How to validate passwords without storing them anywhere. , Rob Berendt

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.