Re: hash-password length relation (was: Password security)

From: Antoine Beaupre (anarcat@anarcat.ath.cx)
Date: 06/20/02


Date: Thu, 20 Jun 2002 11:03:57 -0400
To: Dag-Erling Smorgrav <des@ofug.org>
From: Antoine Beaupre <anarcat@anarcat.ath.cx>

Thank you everyone for such quick response.

A.

Le jeudi 20 juin 2002, à 11:00 AM, Dag-Erling Smorgrav a écrit :

> Antoine Beaupre <anarcat@anarcat.ath.cx> writes:
>> Does the length of the encrypted password grow with the length of the
>> password?
>
> Traditional DES always produces a 13-byte hash (including the salt).
> MD5 produces a 31-byte hash (also including the salt). Blowfish
> produces a 32-byte hash with (IIRC) a variable-length salt of up to 16
> bytes. Both MD5 and Blowfish use a special prefix to identify the
> hash algorithm used; it's usually three bytes long for MD5 and five or
> six bytes long for Blowfish.
>
> DES
> --
> Dag-Erling Smorgrav - des@ofug.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message



Relevant Pages

  • Re: How to encrypt the data of a field
    ... What is the difference between hash and encrypted password? ... for most purposes you are probably better off NOT to store ... Store a secure hash of the password ...
    (microsoft.public.sqlserver.server)
  • Re: How to encrypt the data of a field
    ... for the original data, but that is untrue for most of the world's ... magazine, or a combination of two simple words or names, possibly with a ... the password is trivial to find from the hash. ... En encrypted password can be decrypted. ...
    (microsoft.public.sqlserver.server)
  • Re: How to encrypt the data of a field
    ... meaning, there is no way to reconstruct the original ... data from the hash. ... En encrypted password can be decrypted. ...
    (microsoft.public.sqlserver.server)