Password Storage
Alex Parrill via Digitalmars-d-learn
digitalmars-d-learn at puremagic.com
Thu Nov 26 17:05:08 PST 2015
On Friday, 27 November 2015 at 00:50:25 UTC, brian wrote:
>
> Thanks for the blatant faux pas.
> I wasn't going to use MD5, I just meant "hash it somehow",
> which was not apparent from my question. My bad.
>
> Algorithm aside, the rest of that approach seems sensible then?
>
> The hash implementation was probably going to be a part 2 of
> this question.
> I'd use dcrypt (https://github.com/puzzlehawk/dcrypt) to keep
> all the d-goodness, but according to the author, that's not
> "production ready" yet.
> In lieu of that, I'll have a gander at those libraries you
> mentioned.
Yea. I've used bcrypt a few times; it's usually just using the
hash function to hash the passwords, then the check function to
check them, and that's it (bcrypt stores the salt along with the
password).
I don't know if I'd trust dcrypt yet. No offence to the authors,
but I doubt that it has gone through the review that more popular
C libraries have.
More information about the Digitalmars-d-learn
mailing list