Reply to post: Re: Comparing password characters

NatWest customer services: We're aware of security glitch

Anonymous Coward
Anonymous Coward

Re: Comparing password characters

The password will be stored in a database, encrypted by a key. The key will be held in an HSM. The 3 characters and their positions will be passed to the HSM (it's a standard function call for HSMs) where the encrypted password will be decrypted, the characters matched and a yes/no answer returned. All of this will happen within the HSM - so the password is never exposed.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019