encryption wonderment

  • Thread starter Thread starter Lloyd Dupont
  • Start date Start date
L

Lloyd Dupont

In our application we have an encrypted datafile.
To be a bit user friendly I had an encryption test at the begining of the
file.
I put the encrypted value of an 8 bytes known array. (the crypting algo uses
8 bytes block of data)

so I could test a user password to see if it encrypt the same way as the
real password.

I wonder if this doesn't decrease the security a bit?

What could I do?

I just think I could put only 4 bytes, enabling me to check, but not being
completely accurate.
any other ideas? thoughts?
 
Lloyd said:
In our application we have an encrypted datafile.
To be a bit user friendly I had an encryption test at the begining of the
file.
I put the encrypted value of an 8 bytes known array. (the crypting algo uses
8 bytes block of data)

so I could test a user password to see if it encrypt the same way as the
real password.

I wonder if this doesn't decrease the security a bit?
Click to expand...

It's theoretically decreasing the security.
What could I do?

I just think I could put only 4 bytes, enabling me to check, but not being
completely accurate.
Click to expand...

I'd put a MD5 or SHA1 hash of the passwort instead. When
the user types his password again, you build the hash
and compare it with the stored value.

bye
Rob
 
good idea, thanks for that!

Robert Jordan said:
It's theoretically decreasing the security.


I'd put a MD5 or SHA1 hash of the passwort instead. When
the user types his password again, you build the hash
and compare it with the stored value.

bye
Rob
Click to expand...
 
Back
Top