Welcome Guest, Not a member yet? Register   Sign In
phpass HAVE BEEN CRACKED! What is the solution?
#44

[eluser]dmorin[/eluser]
Quote:Also remember that NOTHING in cryptography is unbreakable - it’s just a matter of time and effort.

I believe the same thing about websites. Assuming your application can never be broken and therefore, protecting your database is pointless, is just not smart.

Quote:If you have a weakness in your infrastructure that would allow access to your password store, you have way bigger issues than how you encrypt your passwords.
If you thought your infrastructure was impenetrable, you wouldn't need to hash your passwords at all... (you'd also be wrong, but hey...)

So while I agree to a point, upon further reflection, it's also fairly short-sighted.

EDIT:
Sorry one more point:
Quote:Secondarily, I tend to use a combination of MD5 and SHA1 in various methods of split/concat/encrypt/encode so that the final product is a one-way hash of several other hashes so it’s ridiculously unlikely to be broken even if it is hacked into.

If someone was able to get your code along with your data store and you use the same "algorithm" of combining different hashes for each password, it would be trivial to make rainbow tables for your custom algorithm. The only advantage you get is that the multiple steps would make it take computationally longer to create, so I guess that's something.


Messages In This Thread
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-16-2009, 10:13 AM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-16-2009, 10:26 AM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-16-2009, 10:36 AM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-16-2009, 11:03 AM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-16-2009, 11:07 AM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-16-2009, 11:21 AM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-16-2009, 12:05 PM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-16-2009, 12:06 PM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-16-2009, 12:09 PM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-16-2009, 12:13 PM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-16-2009, 12:26 PM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-16-2009, 12:32 PM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-16-2009, 12:47 PM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-16-2009, 12:49 PM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-16-2009, 12:54 PM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-16-2009, 01:09 PM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-16-2009, 01:15 PM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-16-2009, 04:33 PM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-16-2009, 06:10 PM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-16-2009, 06:37 PM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-16-2009, 08:00 PM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-16-2009, 08:18 PM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-16-2009, 09:52 PM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-16-2009, 11:10 PM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-16-2009, 11:19 PM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-16-2009, 11:39 PM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-17-2009, 01:38 AM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-17-2009, 02:37 AM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-17-2009, 07:31 AM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-17-2009, 07:35 AM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-17-2009, 07:44 AM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-17-2009, 07:55 AM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-17-2009, 08:51 AM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-17-2009, 08:53 AM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-18-2009, 12:30 AM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-18-2009, 01:00 AM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-18-2009, 01:17 AM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-18-2009, 01:20 AM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-18-2009, 08:21 AM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-18-2009, 09:30 AM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-18-2009, 01:47 PM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-18-2009, 02:01 PM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-18-2009, 03:42 PM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-18-2009, 03:52 PM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-18-2009, 04:34 PM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-18-2009, 07:40 PM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 10-03-2010, 08:50 AM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 10-03-2010, 12:32 PM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 10-03-2010, 01:03 PM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 10-03-2010, 03:52 PM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 10-03-2010, 04:01 PM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 10-04-2010, 12:53 AM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 10-04-2010, 01:10 AM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 10-04-2010, 02:54 AM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 04-06-2011, 07:58 PM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 04-13-2011, 02:54 PM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 04-13-2011, 04:10 PM
phpass HAVE BEEN CRACKED! What is the solution? - by El Forum - 06-21-2012, 08:01 AM



Theme © iAndrew 2016 - Forum software by © MyBB