Picking an Auth Library

Picking an Auth Library

El Forum
Unregistered

#16

05-16-2009, 06:19 AM

[eluser]Adam Griffiths[/eluser]
[quote author="Dam1an" date="1242492799"][quote author="Dregond Rahl" date="1242492579"]there is alot of argument over what should be used now days MD5 is now crackable, and SHA1 is taking a lead, but as we know bcrypt and PHPpass are becoming more significant. Not to mention bruteforce attacks. Its crazy a world.[/quote]

The reason MD5 is considred to be so insecure, is that rainbow tables are easily available (a rainbow table has the MD% hashed value of pretty much every combination between 1 and X characters)
SHA1 being 40 bytes means more possible combinations, so its more effort to do it then MD5 but still doable.

I just hash using SHA1 and salt (and hash again)[/quote]

You really shouldn't hash twice. It's more secure to hash a password with a salt, than to hash it again. This is because the second hash is from a hash of a set size, 32 with MD5, so it's more easily crackable. Whereas when you have a password in a salted hash it's much harder to get the cleartext because passwords can be any length and so can the salt so the hash is likely to be very different.

Messages In This Thread

Picking an Auth Library - by El Forum - 05-15-2009, 12:54 AM

Picking an Auth Library - by El Forum - 05-15-2009, 01:56 AM

Picking an Auth Library - by El Forum - 05-15-2009, 03:59 AM

Picking an Auth Library - by El Forum - 05-15-2009, 04:04 AM

Picking an Auth Library - by El Forum - 05-15-2009, 06:48 AM

Picking an Auth Library - by El Forum - 05-15-2009, 06:55 AM

Picking an Auth Library - by El Forum - 05-15-2009, 07:13 AM

Picking an Auth Library - by El Forum - 05-15-2009, 07:35 AM

Picking an Auth Library - by El Forum - 05-15-2009, 07:45 AM

Picking an Auth Library - by El Forum - 05-15-2009, 11:00 PM

Picking an Auth Library - by El Forum - 05-16-2009, 01:54 AM

Picking an Auth Library - by El Forum - 05-16-2009, 05:49 AM

Picking an Auth Library - by El Forum - 05-16-2009, 05:53 AM

Picking an Auth Library - by El Forum - 05-16-2009, 06:00 AM

Picking an Auth Library - by El Forum - 05-16-2009, 06:05 AM

Picking an Auth Library - by El Forum - 05-16-2009, 06:19 AM

Picking an Auth Library - by El Forum - 05-16-2009, 06:28 AM

Picking an Auth Library - by El Forum - 05-16-2009, 06:33 AM

Picking an Auth Library - by El Forum - 05-16-2009, 06:40 AM

Picking an Auth Library - by El Forum - 05-16-2009, 06:48 AM

Picking an Auth Library - by El Forum - 05-16-2009, 07:06 AM

Picking an Auth Library - by El Forum - 05-16-2009, 07:12 AM

Picking an Auth Library - by El Forum - 05-16-2009, 07:19 AM

Picking an Auth Library - by El Forum - 05-16-2009, 07:22 AM

Picking an Auth Library - by El Forum - 05-16-2009, 07:26 AM

Picking an Auth Library - by El Forum - 05-16-2009, 07:31 AM

Picking an Auth Library - by El Forum - 05-16-2009, 07:46 AM

Picking an Auth Library - by El Forum - 05-16-2009, 07:55 AM

Picking an Auth Library - by El Forum - 05-16-2009, 09:24 AM

Picking an Auth Library - by El Forum - 05-16-2009, 09:48 AM

Picking an Auth Library - by El Forum - 05-16-2009, 10:10 AM

Picking an Auth Library - by El Forum - 05-16-2009, 10:38 AM

Picking an Auth Library - by El Forum - 05-16-2009, 10:45 AM

Picking an Auth Library - by El Forum - 05-16-2009, 10:58 AM

Picking an Auth Library - by El Forum - 05-16-2009, 11:05 AM

Picking an Auth Library - by El Forum - 05-16-2009, 05:47 PM

Picking an Auth Library - by El Forum - 05-16-2009, 09:24 PM

Picking an Auth Library - by El Forum - 05-17-2009, 01:13 AM

Picking an Auth Library - by El Forum - 05-17-2009, 01:26 AM

Picking an Auth Library - by El Forum - 05-17-2009, 01:30 AM

Picking an Auth Library - by El Forum - 05-17-2009, 01:39 AM

Picking an Auth Library - by El Forum - 05-17-2009, 01:52 AM

Picking an Auth Library - by El Forum - 05-17-2009, 01:58 AM