Reply to Re: faster way to get from SQL database into array

Posted by Toby Inkster on 12/13/06 17:49

Norman Peelman wrote:

> My question becomes that of feasibility... how bad is this for
> passwords as opposed to forging documents?

For low to medium security purposes, I'm guessing that MD5 will still be a
useful hash function for a few years yet -- I don't think it is yet the
time to rip all the md5() functions out of your existing programmes and
replace them with more modern hashes. But my advice would certainly be to
consider hashes such as SHA256 and Whirlpool for future projects.

For checksummy-type purposes, like verifying a file hasn't been
accidentally damaged during a download or compression/decompression, then
I'd recommend comparing not just hashes, but also file sizes.

For passwordy-type purposes, I'd recommend *not* storing the length of the
un-hashed password, as this gives an additional clue to what the password
is.

(Also, Google for "md5deep".)

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact
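
The size-plus-hash comparison recommended above for download checks, as an added example that is not part of the original post. It uses SHA-256, one of the hashes the post suggests for new projects; verify_file() and its status strings are hypothetical names, and the sample file is constructed.

```php
<?php
// Added example: integrity check that compares size first, then a SHA-256 digest.
// verify_file() and its return strings are hypothetical names for this sketch.

function verify_file(string $path, int $expectedSize, string $expectedSha256): string
{
    if (!is_file($path) || !is_readable($path)) {
        return 'missing';
    }
    clearstatcache(true, $path);          // filesize() results are cached per path
    $size = filesize($path);
    if ($size !== $expectedSize) {
        return 'size-mismatch';           // cheap check: no need to read the file
    }
    $actual = hash_file('sha256', $path); // streams the file, lowercase hex digest
    if ($actual === false) {
        return 'unreadable';
    }
    return hash_equals(strtolower($expectedSha256), $actual) ? 'ok' : 'hash-mismatch';
}

// Constructed sample data: a temporary file stands in for a download.
$path = tempnam(sys_get_temp_dir(), 'dl_');
$original = str_repeat("payload line\n", 1000);
file_put_contents($path, $original);
$size = strlen($original);
$sha  = hash('sha256', $original);

echo verify_file($path, $size, $sha), "\n";              // intact copy

file_put_contents($path, substr($original, 0, 5000));    // truncated transfer
echo verify_file($path, $size, $sha), "\n";

$flipped = $original;
$flipped[42] = 'X';                                      // same length, one byte changed
file_put_contents($path, $flipped);
echo verify_file($path, $size, $sha), "\n";

unlink($path);
```

The size check rejects a truncated transfer without reading the file; the digest is what catches damage that leaves the length unchanged.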
