The ProgrammersTalk Community
#11 (permalink)
06-13-2007, 03:47 PM
Lee
PT Staff*
Quote:
Originally Posted by TeraTask
Please, at least switch to using sha1 while it's early in the game if you're not able to use the more robust ones.

Just a question, what does sha1 offer that md5() does not? And why should I use it over any other function?

#12 (permalink)
06-13-2007, 03:57 PM
TeraTask
PT Admin
Sure. I'll be happy to elaborate. Undoubtedly you know that a hash is a one-way function (i.e. no inverse is known to exist). This makes finding people's passwords out pretty much impossible. So, how to hack it? Well, hash functions do have the ability to have 2 different inputs return the same value (don't ask me for an example, lol). A hash is considered compromised if someone develops a way to "relatively" quickly find an input which comes up with the same output as for your actual password. This new input can be used for your password without ever having to know the original password. The post on php.net I linked to indicates that sha1 (which is newer than md5) has been compromised in such a fashion (md5 was a few years back if memory serves). To ensure that such an attack does not work on your system (essentially leaving it only open to dictionary and social engineering attacks), you'll want to use one of the latest hashing functions that have not yet had such a method developed.

__________________
Jeremy Miller
Content Farmer - Optimized Automated Blog Posting

#13 (permalink)
06-13-2007, 04:01 PM
Lee
PT Staff*
I will use that from now then, thanks

#14 (permalink)
06-13-2007, 04:25 PM
Nutter
Novice
OP - Apologies for continuing this thread going way off topic

Jeremy - Aren't the crack methods for SHA1 and MD5 just going through combinations of characters hoping for a string that has the same hash as the actual password? In that case, isn't SHA1 more secure because it simply has a longer hash and would be less likely to have two strings match?

__________________
- Ryan

#15 (permalink)
06-13-2007, 04:30 PM
TeraTask
PT Admin
Quote:
Originally Posted by Nutter
Aren't the crack methods for SHA1 and MD5 just going through combinations of characters hoping for a string that has the same hash as the actual password?

Yes, but generally in some kind of optimized way to reduce the amount of work required.

Quote:
Originally Posted by Nutter
In that case, isn't SHA1 more secure because it simply has a longer hash and would be less likely to have two strings match?

SHA1 is more secure than MD5 and a careful reading of my previous post will show that I implied that. Using the same logic SHA256 is more secure than SHA1 and SHA512 is more secure than those others. Hence my recommendation for using those more secure methods.

I think you may have just gotten confused about what I was saying.

__________________
Jeremy Miller
Content Farmer - Optimized Automated Blog Posting
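
Added example (not written by any poster in this thread): the exchange above about output length, measured on truncated digests so it finishes instantly. The function names and input strings are constructed for illustration, and the estimate covers plain trial and error only, not the optimized methods mentioned in the posts.

```python
import hashlib
from itertools import count

# Full digest sizes in bits for the functions named in the thread.
DIGEST_BITS = {name: hashlib.new(name).digest_size * 8
               for name in ("md5", "sha1", "sha256", "sha512")}


def truncated(algo, data, bits):
    """Return the first `bits` bits of algo(data) as an integer."""
    digest = hashlib.new(algo, data).digest()
    return int.from_bytes(digest, "big") >> (len(digest) * 8 - bits)


def tries_until_match(algo, bits):
    """Hash constructed inputs until two different ones share the same
    truncated digest. Returns (tries, first_input, second_input)."""
    seen = {}
    for i in count():
        msg = b"constructed-input-%d" % i  # sample input, not real data
        tag = truncated(algo, msg, bits)
        if tag in seen:
            return i + 1, seen[tag], msg
        seen[tag] = msg


def generic_work(bits):
    """Approximate number of hashes a plain trial-and-error search needs
    before any two inputs match on a `bits`-bit output (birthday bound)."""
    return 2 ** (bits / 2)


if __name__ == "__main__":
    # Short outputs: a match between two different inputs turns up quickly.
    for bits in (8, 16, 24):
        tries, a, b = tries_until_match("sha1", bits)
        print(f"{bits:2d}-bit output: match after {tries} tries "
              f"(estimate {generic_work(bits):.0f}): {a!r} / {b!r}")
    # Full-length outputs: the same search is far out of reach.
    for name, bits in DIGEST_BITS.items():
        print(f"{name}: {bits}-bit digest, about 2^{bits // 2} tries")
```

Each extra bit of output multiplies the trial-and-error cost by about 1.4, so the 32 extra bits of SHA1 over MD5 make the generic search roughly 65,536 times more expensive.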

#16 (permalink)
06-18-2007, 08:01 AM
Lee
PT Staff*
I forgot to add IP address to the list; that's very important for a lot of things, such as banning or as a way to see if they have voted on something also.

LinkBack to this Thread: http://www.programmerstalk.net/thread711.html

All times are GMT -7.