Picking an Auth Library
theshiftexchange
Fuzzy - it works like this:

Let's assume firstly that you did NOT hash passwords, but stored them as plain text. If someone looks into your database (don't ask me how, just pretend they did), they would be able to see each user, and look at the next field and see the password in plain text.

Now, let's assume we are using MD5 and hash the password. If someone looks into your database, they would see the user, but still not know what the password was. Except, what they can do now is get that "hash" password, go to a site such as http://tools.benramsey.com/md5/ and see what the MD5 value represents; thus it's effectively now storing it as plain text.

The reason this works is because MD5 is a known algorithm: people just create a massive database, and start by hashing (a, b, c,...,aa,ab,ac....,wfefwf,32r32r,5233) up to a certain number of chars, say 10 (a common maximum for passwords). All they need to do is compare their MD5 with the database, and see what their MD5 hash represents.

EDIT: The reason 'salt' works well is because the MD5 look-up tables are now basically useless. Even if the hacker knew what 'salt' you were using (using source code), they would have to effectively create a new hash md5 lookup table, with YOUR salt key, which takes forever (I think doing up to 8 characters takes 205 days to compute), thus saving your users from security risks.
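The lookup-table effect described in the post above, as an added Python example that is not part of the original post: a small constructed candidate list stands in for the "massive database", and all function names are hypothetical. The PBKDF2 variant goes beyond the post's salted MD5 and shows the per-user salt combined with a deliberately slow key-derivation function.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny list stands in for the precomputed database.
CANDIDATES = ["a", "b", "letmein", "password1", "qwerty"]

def md5_hex(data: str) -> str:
    return hashlib.md5(data.encode()).hexdigest()

def build_lookup(candidates, salt=""):
    """Precompute hash -> plaintext for one fixed salt (empty string = unsalted)."""
    return {md5_hex(salt + c): c for c in candidates}

def store_unsalted(password):
    return md5_hex(password)

def store_salted(password):
    """Random per-user salt, stored in the row next to the hash."""
    salt = os.urandom(16).hex()
    return salt, md5_hex(salt + password)

def store_pbkdf2(password, iterations=200_000):
    """Hardened form: per-user salt plus a slow KDF instead of one MD5 call."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify_pbkdf2(password, salt, iterations, expected):
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(actual, expected)  # constant-time comparison

def demo():
    table = build_lookup(CANDIDATES)        # built once, reusable for any unsalted dump
    unsalted = store_unsalted("letmein")
    salt, salted = store_salted("letmein")
    other_salt, other_salted = store_salted("letmein")  # second user, same password
    record = store_pbkdf2("letmein")
    return {
        "unsalted_found": table.get(unsalted),        # the generic table hits
        "salted_found": table.get(salted),            # the generic table misses
        "rebuilt_for_salt": build_lookup(CANDIDATES, salt).get(salted),
        "rebuilt_reusable": build_lookup(CANDIDATES, salt).get(other_salted),
        "pbkdf2_ok": verify_pbkdf2("letmein", *record),
        "pbkdf2_wrong": verify_pbkdf2("letmein2", *record),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A table rebuilt for one user's salt does not match a second user's row even when both chose the same password, so the precomputation has to be repeated per row.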