Pantek Library

Re: SHA-1 vs. triple-DES for password encryption?

From: Craig Minton <CraigSecurity(at)blazemail.com>
Date: Tue Nov 12 2002 - 08:56:44 EST


First of all, thank you all for the time and effort that went into everyone's responses. This discussion has given us much to think over.

My understanding of the replies in general is:

  1. Either SHA-1 or 3DES would be sufficient for securing passwords. (MD5 is not an available option)
  2. 3DES may be used to create a one-way function by using the password to encrypt some standard data.
  3. Salting the password with a username and/or some random data would increase the security.
  4. If storage is unable to be increased beyond eight bytes, either using 3DES to encrypt a standard eight bytes using the password or using SHA-1 and truncating to eight bytes would be acceptable.

If I have misunderstood any of this, please feel free to correct me.

On a side note (I have asked someone this before, and if I missed the reply, I apologize), the FAQ for this list states:

"0.1.3 What is inappropriate content?

   Product advertisements.
   Basic "how to" questions, which are already in the lists programming guide.
   Exploits, or discussion of methods to exploit vulnerabilities in detail."

Will someone here please point me to the "lists programming guide" mentioned?

Again, thank you very much and I look forward to reading any continued discussion.


Craig



Received on Tue Nov 12 11:19:50 2002
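A sketch of items 3 and 4 from the summary above, added as an example and not part of the original message: SHA-1 salted with the username and truncated to eight bytes. The function names, the optional site-wide salt and the sample credentials are assumptions constructed for illustration.

```python
import hashlib
import hmac

STORED_LEN = 8  # the eight-byte storage limit from item 4


def password_tag(username: str, password: str, site_salt: bytes = b"") -> bytes:
    """Salted SHA-1 of the password, truncated to eight bytes (items 3 and 4).

    Eight stored bytes leave no room for a per-record random salt, so the
    salt is the username (already stored with the account) plus an optional
    random site-wide value kept outside the password column (an assumption).
    """
    h = hashlib.sha1()
    # Length-prefix each field so ("ab", "c") and ("a", "bc") hash differently.
    for field in (site_salt, username.encode("utf-8"), password.encode("utf-8")):
        h.update(len(field).to_bytes(4, "big"))
        h.update(field)
    return h.digest()[:STORED_LEN]


def unsalted_tag(password: str) -> bytes:
    """Truncated SHA-1 with no salt, shown only for comparison."""
    return hashlib.sha1(password.encode("utf-8")).digest()[:STORED_LEN]


def verify(username: str, password: str, stored: bytes, site_salt: bytes = b"") -> bool:
    """Recompute the tag and compare it to the stored value in constant time."""
    return hmac.compare_digest(password_tag(username, password, site_salt), stored)


def demo() -> dict:
    # Constructed sample data: two users who picked the same password.
    site_salt = bytes.fromhex("00112233445566778899aabbccddeeff")
    users = {"alice": "correct horse", "bob": "correct horse"}
    salted = {u: password_tag(u, p, site_salt) for u, p in users.items()}
    unsalted = {u: unsalted_tag(p) for u, p in users.items()}
    return {
        # Without a salt, equal passwords are visible as equal stored values.
        "unsalted_collide": unsalted["alice"] == unsalted["bob"],
        # With the username in the hash, the stored values differ.
        "salted_differ": salted["alice"] != salted["bob"],
        "good_login": verify("alice", "correct horse", salted["alice"], site_salt),
        "bad_login": verify("alice", "wrong horse", salted["alice"], site_salt),
    }


if __name__ == "__main__":
    print(demo())
```

The eight-byte output and single SHA-1 pass follow the storage constraint discussed in the thread; the username salt is what keeps two accounts with the same password from sharing a stored value.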

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:44 EDT

