i have a project on password authentication, and i have simulated and already implemented two very secure algorithms but i also need any body who could assist me with developing a password authentication technique that would not need any database for storing the database and it will not need any for of database even if what is stored in the database is not the password but as long as it is used to authenticate a user and it will have to have a scheme or room for changing of password of the user not forgetting that it has to be secure. I'll really appreciate any body who chould help

11 Years
Discussion Span
Last Post by awo

i think you are in wrong place... it is java forum... some one should move this topic to IT Water Cooler.


so you want to authenticate passwords without having the passwords stored anywhere in any way.

How the heck are you going to know if the password entered is the correct one if you have nothing to compare it with?

Senseless "requirements", design rejected.


am still hoping on some thing, the reason for the project password authentication without data base is to circumvent the security issue of password verifier being stolen on the server which can still make the adversary to implicate a rightful user i have an idea but the only problem i am having now is problem that it is still impossible for a user to be change his password if need be what i did to generate the password is that i used a message hash which will use some of the attributes summited during registration to get a password which will be given to the user user will then submit his password and also the other field when logging in the server will then try to use the fields to see if it will generate the supplied password if not it will not authenticate the user i will see to it that you will get the code later today

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.