Best way to store a password

Radix 16:
ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad

Radix 220 (guess):
25Hw.Q;\?>,)*+wQ&-=|8~p[}/{!369jWGw

The 220 HASH may look very confusing at first glance but when comparing "side-by-side" with a comparable HASH...

25Hw.Q;\?>,)*+wQ&-=|8~p[}/{!369jWGw
2qHw.Q.e2{x)*+pQ&-Py8~pP}/{!+URjWGw

it's actually much easier to tell they are different than this is:

ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
bqwa16bf8f01cfea414150derdae2q23b00361a396177a9ca410rf61u20011ad

Quote:

---

Originally Posted by aewarnick

The second question is, advice on finding GOOD source code to do it.

---

I would look at the OpenSSL source code, it will tell you everything:

http://www.openssl.org/source/

I think MD5 is good, but I wouldn't use CRC-32.

-Greg Dolley

Conversion back and forth is not trivial. If we use hex the conversion this is trivial.

This code assumes 32 bit machine with ascii for char.

Code:

---

        unsigned int hex = 220;
        char chex[10];
        unsigned int mask = 0xF0000000, i = 0, temp;

        memset(chex, 0, 10 * sizeof(char));
       
        do
        {
                temp = (hex & mask);
                temp = temp >> (4 * (7 - i));
                chex[i] = temp;
                if(chex[i] < 9)
                {
                        chex[i] += 0x30;
                }
                else
                {
                        chex[i] += 0x37;
                }
                mask = mask >> 4;
                ++i;
        }while(mask);

        printf("%0x, %s\n", hex, chex);

---

The point here is : the variable temp. It can only be 32 bits in length. Also, check the if else which maps hex to char. Both these steps will become costly if we go for higher radix also highly dependent on charcter set used. Atleast this is why I wont go for it.

As for comparision there are programs to do that. The bandwidth can always be saved the other way. We can define a new control which can accept hex values and display them as user readable string. Also I dont think its necessary; its not going to save a lot, you transmit 128 bytes instead of 32 bytes traffic which is very small when compared to the file (some kbs).

The savings is trivial...you're right, it may not be worth the effort.

What is that code you posted? Conversion from binary to 16 or binary to 220?

Quote:

---

Originally Posted by aewarnick

What is that code you posted? Conversion from binary to 16 or binary to 220?

---

Binary to Hex characters.
Compare it with the binary to some higher radix conversion function. It will not be trivial as this one.

You don't know of any code to do that do you?

Its not tough to do that. Here are the steps.

1. get the binary equivalent of the symbol. Usually mask will do this work. But if you go for higher radix (220 radix requires a datatype of length 220 bits) there is no std data type to store the value (ofcourse the input is also an array). But you could always store it in the array.
2. now map those binary values to printable chars. In hex conversion this is done by the if else statement.

Code:

---

                if(chex[i] < 9)
                {
                        chex[i] += 0x30;
                }
                else
                {
                        chex[i] += 0x37;
                }

---

But in case of higher radix this task is not trivial for higher radix as each value is an array.

Of course you can go for radix 32 in a 32 bit machine and avoid all these array business.

Sorry for a bit offtopic here - however here's another reason for not using md5 in any easily accessible place.
Hope you will find it interesting.

http://www.antsight.com/zsl/rainbowcrack/

That's not off topic at all! It just goes to show why I should use something more secure.