Reply to Re: md5 encryption

Your name:

Reply:


Posted by simon on 09/26/04 11:17

> simon wrote:
>
>> He was asking about passwords. Almost every site that is md5() only
>> compare the hash as they cannot compare the string.
>> So, technically, given a hash key you can get a string. In turn that
>> string would match the hash and give you access.
>
> I don't quite agree. If the hash isn't generated by the string itsself,
> but
> by a slightly alternated version of it, like md5(string.'extra'), the
> attacker would find a string y with md5(y)==hash, but not one with
> md5(y.'extra')==hash.
> I think this is a very simple way to make a authentication routine more
> secure.

Yes, but that method is not used by many, (open source), applications.

Simon

[Back to original message]
Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация