please wait
- Forum
- General C++ Programming
- collate::hash
collate::hash
Jan 27, 2010 at 5:57am
Hey Guys,
I am creating a application in which I need to store user's login name and password. Recently I happened to read about cryptography's hash function. So is it good idea to use collate::hash for storing user's password instead of storing string based password? or is collate::hash is used for some other purpose. Sorry, I am really new to locale library.
Please guide me through.
Thanks
I am creating a application in which I need to store user's login name and password. Recently I happened to read about cryptography's hash function. So is it good idea to use collate::hash for storing user's password instead of storing string based password? or is collate::hash is used for some other purpose. Sorry, I am really new to locale library.
Please guide me through.
Thanks
Jan 27, 2010 at 12:07pm
Hi kevinchkin,
i think its not a really good idea to use collate::hash. This function seems to be made for use in hashtables, and not for cryptographic use.
The main purpose of storing a hash of a password instead of the password itself is the following: Assume someone breaks into your system and manages to get a copy of the data structure containing the password data. If the passwords are stored in plain text, the attacker has access to the hole system. If the passwords are stored as hash functions, the attacker needs to compute the password itself from its the hash value, so this compution has to be really time consuming.
As only crypthographic hash functions (e.g. sha, md5) are designed to have a hard to compute inverse, you should use one of these functions.
I hope this helps.
TheBear
i think its not a really good idea to use collate::hash. This function seems to be made for use in hashtables, and not for cryptographic use.
The main purpose of storing a hash of a password instead of the password itself is the following: Assume someone breaks into your system and manages to get a copy of the data structure containing the password data. If the passwords are stored in plain text, the attacker has access to the hole system. If the passwords are stored as hash functions, the attacker needs to compute the password itself from its the hash value, so this compution has to be really time consuming.
As only crypthographic hash functions (e.g. sha, md5) are designed to have a hard to compute inverse, you should use one of these functions.
I hope this helps.
TheBear
Jan 28, 2010 at 6:27am
Thanks for the reply TheBear. Can you please tell me the use of collate::hash?
Like when in programming one might need it?
Thanks
Like when in programming one might need it?
Thanks
Jan 28, 2010 at 11:44am
I don't exacly know, because i cannot find any definition of what collate::hash guarantees and what not (although i am sure it is not a cryptographic hash function).
From various Google results i make up that this function is meant for a faster way to compare strings, when you have to compare the same string to many others:
Simply compute the hash value of every involved string and compare the hash values whenever 2 strings are to be compared. Clearly the comparison of 2 integer values is much faster than the comparison of the strings themself.
This is especially right if you have to deal with different locales and encodings, because on every comparison in the usual way (character by character), every character might have to be translated to another encoding. When using the hash values, this to be done only once (to a common encoding) for the computation of the hash value.
I also think that it can be used for construction of hash tables (the IBM description of this function said that).
TheBear
From various Google results i make up that this function is meant for a faster way to compare strings, when you have to compare the same string to many others:
Simply compute the hash value of every involved string and compare the hash values whenever 2 strings are to be compared. Clearly the comparison of 2 integer values is much faster than the comparison of the strings themself.
This is especially right if you have to deal with different locales and encodings, because on every comparison in the usual way (character by character), every character might have to be translated to another encoding. When using the hash values, this to be done only once (to a common encoding) for the computation of the hash value.
I also think that it can be used for construction of hash tables (the IBM description of this function said that).
TheBear
Topic archived. No new replies allowed.