Re: md5 encryption
- From: "simon" <spambucket@xxxxxxxxxxxx>
- Date: Sun, 29 May 2005 12:31:44 +0100
> simon wrote:
>
>> He was asking about passwords. Almost every site that is md5() only
>> compare the hash as they cannot compare the string.
>> So, technically, given a hash key you can get a string. In turn that
>> string would match the hash and give you access.
>
> I don't quite agree. If the hash isn't generated by the string itsself,
> but
> by a slightly alternated version of it, like md5(string.'extra'), the
> attacker would find a string y with md5(y)==hash, but not one with
> md5(y.'extra')==hash.
> I think this is a very simple way to make a authentication routine more
> secure.
Yes, but that method is not used by many, (open source), applications.
Simon
.
- References:
- md5 encryption
- From: roger
- Re: md5 encryption
- From: Simon
- Re: md5 encryption
- From: Michael Trausch
- Re: md5 encryption
- From: simon
- Re: md5 encryption
- From: Andy Hassall
- Re: md5 encryption
- From: simon
- Re: md5 encryption
- From: Oli Filth
- Re: md5 encryption
- From: simon
- Re: md5 encryption
- From: Oli Filth
- Re: md5 encryption
- From: simon
- Re: md5 encryption
- From: Otto Allmendinger
- md5 encryption
- Prev by Date: Re: md5 encryption
- Next by Date: Re: GD generated image and HTTP headers
- Previous by thread: Re: md5 encryption
- Next by thread: Re: md5 encryption
- Index(es):
Relevant Pages
|
