Reply to Re: Lost password + MD5 ?

Your name:

Reply:


Posted by Erwin Moller on 09/02/05 17:43

ijsaunders@gmail.com wrote:

> This is correct, never store password in plain text. The above
> suggestion is correct, though I would also put in some random
> characters (segment the string and rebuild it the other end).
>
> Give them a link to log in so that they immediately have to create a
> new password as suggested above. also think about using security
> questions.
>
> perhaps also pass some sort of encrypted username in the link also to
> make the checking function that much quicker to validate. (i.e. select
> where user= (decrypt) and pass=(decrypt).

Hi,

I don't want to ruin this party, but if you safe md5(password) you might as
well store them plaintext.
MD5 has had its best days. :-(

Some really smart Chineese guys came up with an algoritm that produces
INPUTSTRINGS that give the same MD5 hash as the original string.
That effect is called collison:
MD5(StringA) -> blakjhdsafjkh
MD5(StringB) -> blakjhdsafjkh
MD5(StringC) -> blakjhdsafjkh
etc.

They came up with an algoritm that produces some string (StringB and StringC
in the above example) that produce the same hash.

I also read some smart@ss at slashdot improved on this, and now it can be
done on a run-of-the-mill PC in 1 second.

So: effectively MD5 is broken. Do not use it.

Same goes for SHA1 (different problem).

If you are interested, read more on the topic.
Written by the best: Schneier. :-)

http://www.schneier.com/blog/archives/2005/02/sha1_broken.html

Regards,
Erwin Moller

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация