1. Field of the Invention
The present invention relates to techniques for authenticating a user in a computer system. More specifically, the present invention relates to a method and an apparatus for accommodating different verifier types for passwords in a computer system which provides only limited storage space for each verifier.
2. Related Art
One of the key enabling features in a multi-user computer system is the security/password mechanism, which allows a user to specify an alphanumeric password for authentication purposes. However, for security reasons, a user's password is normally not stored in the computer system in “plain text” format. Some computer systems perform a one-way hash function on a user's password to obtain a corresponding verifier (hash value), which is stored locally on the computer system. Because it is easy to compute the verifier based on a password, but very difficult to derive the password from a verifier, it is more secure to store and compare the verifiers during a user-authentication process.
In general, a hash function takes a variable-length input string and computes a fixed-length verifier. Legacy computer systems usually allocate fixed-size storage space to store each verifier. This limited storage space becomes a problem with the emergence of more sophisticated hash functions, which produce larger-size verifiers which may not fit in the limited storage space. The inability to accommodate larger-size verifier types is particularly troublesome in legacy computer systems running mission-critical database applications. This is because it is usually difficult to substantially change the underlying operating system of the legacy computer system without affecting the operation of the database application.
Hence, what is needed is a method and an apparatus for accommodating different verifier types in a computer system which allocates only limited storage space for each verifier.