[Haskell-cafe] Password hashing

roger peppe rogpeppe at gmail.com
Thu Oct 30 09:12:43 EDT 2008

i'd be interested to know if you know of any studies on this.

i know of at least one system that uses it as the basis for
its crypto. superficially it's certainly an attractive method, with minimal
external dependencies, and, i'd have thought, at least a useful
addition to just using the system time.

obviously, an actual implementation would mix in the
full value of the counter, to take advantage of as much
randomness as possible.

in practice, the results don't seem too bad, but as with any
randomness, it's difficult to be really sure...


More information about the Haskell-Cafe mailing list