A lovely sentiment, but it's a bit rose-colored. The statement only applies in a perfect world,

That's garbage! Passwords do not need to be decrypted. Ever!

You encrypt the password with a one-way hash and only store the hash.

To verify: you accept the password from the user; encrypt it using the same one-way hash and compare the result against the stored, encrypted value. If they match; he's authorised.

The password is never stored in any form that can be decrypted; and can only be discovered by encrypting every possibility and comparing them with the stored, encrypted result.

That has been the simple, correct way to do things since forever.

If you are handed a system where thousands of access routines managed by hundreds of non-IT folks are being used, the task of converting their access to more modernized and secure authentication techniques may not be permissible. Under those circumstances, obfuscation may be your only hope (Obi-wan).While I generally agree that the only thing worse than bad security is fake security, there are times when that's the only tool left in the toolbox.

More utter twaddle. No wonder the web leaks like a sieve when the obvious is ignored by so many "experts".

I can already hear sundialsvc4's skin crinkling as he cringes at all the things that will go wrong in the future when such a decision is made -- and he's right.

sundialsvc4 is a joke of a programmer; and you'll do yourself no good by hitching your skirts to his wagon train.

With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
"Science is about questioning the status quo. Questioning authority". I'm with torvalds on this
In the absence of evidence, opinion is indistinguishable from prejudice. Agile (and TDD) debunked

In reply to Re^4: encrypt passwords by BrowserUk
in thread encrypt passwords by fionbarr

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.