Re: Comparing password characters
The password will be stored in a database, encrypted by a key. The key will be held in an HSM. The 3 characters and their positions will be passed to the HSM (it's a standard function call for HSMs) where the encrypted password will be decrypted, the characters matched and a yes/no answer returned. All of this will happen within the HSM - so the password is never exposed.