Re: [coldsync-hackers] m500: cannot coldsync

[Andrew Arensburger <arensb+CShackers@ooblick.com>]

On Sat, 22 Sep 2001, David A. Desrosiers wrote:
> 	Which is exactly why the combination hash is the best approach. You
> don't get the password, or the usable hash of the password, you get a hybrid
> hash. I've said that a third piece of information, the LastSyncTime should
> be used here also, to make sure that the hash in the local .rc file changes
> at every sync

	It just occurred to me that you shouldn't use the last sync time:
if, for whatever reason, you sync with another machine, or wipe your palm,
the last sync time on the Palm will have changed, and you will no longer
be able to verify the password.
	Obviously, you could store the last sync time in a file on the
desktop, but then this is no longer a bit of information intrinsic to the
Palm and external to the desktop workstation.

-- 
Andrew Arensburger                      Actually, these _do_ represent the
arensb@ooblick.com                      opinions of ooblick.com!
                        Generic Tagline V 6.01

This message was sent through the coldsync-hackers mailing list.  To remove
yourself from this mailing list, send a message to majordomo@thedotin.net
with the words "unsubscribe coldsync-hackers" in the message body.  For more
information on Coldsync, send mail to coldsync-hackers-owner@thedotin.net.