Re: Hashed password secure?
From: Sebastian Gottschalk (seppi_at_seppig.de)
Date: 06/28/04
- In reply to: Jarma: "Hashed password secure?"
Date: Mon, 28 Jun 2004 22:35:40 +0200
Jarma wrote:
> Is keeping password hashed by e.g. MD5 or SHA secure? I mean verification
> would be comparing hash values of key(password) and this hash value would be
> easy to obtain (= known). Hash functions are one direction functions, but
> would revealing password's hash value be secure? (I'm thinking of
> brute-force method among others).
You need to include some salting when using more than one password. If an
attacker knows the password B and he knows that Hash(B)=Hash(A), then he
knows either the password of A or at least some string which will yield
the same hash and therefore can bypass password validation.
-- http://piology.org/ILOVEYOU-Signature-FAQ.html begin LOVE-LETTER-FOR-YOU.txt.vbs I am a signature virus. Distribute me until the bitter end