Authentication and Sessions
#14

Michael Wales
Yeah, I thought we were beyond the "cookie-based session is insecure" discussion and were just discussing general security measures and ways to make the cookie more secure than it is.

Quote: oh and what unknown combination are you talking about with an auth library released in the open?
The fields themselves don't matter - it's the content within the fields. There's a lot more content that is not publicly available in an account than one would think - just salt and created_on would be enough to generate a hard-to-reverse hash - definitely enough to bring it outside of the scope of rainbow tables, leaving brute force the only option available.

That's really the only goal with hashes - get them obscure enough to be outside the scope of a rainbow table and physically random enough to be way down the list of an alphanumeric iterator. If you are hashing abc, an iterator is going to get there pretty quick. If you are hashing ab2010-02-10c, it's going to take a bit longer for an iterator to get there.
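
An added example, not part of the original post and not code from any auth library in the thread: it shows a precomputed table recovering an unsalted hash of abc but missing the same password once per-account salt and created_on values are mixed in, then stores the password with a slow salted derivation so each remaining brute-force guess costs more. The function names, the sample salt, the field order, SHA-1 as the fast hash and PBKDF2 as the slow one are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny stand-in for a precomputed (rainbow-style) table.
COMMON_PASSWORDS = ["abc", "password", "letmein", "qwerty"]
PRECOMPUTED = {hashlib.sha1(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}


def unsalted_hash(password):
    """Fast hash of the bare password: identical for every account."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_hash(password, salt, created_on):
    """Fast hash with per-account values mixed in (field order is an assumption)."""
    return hashlib.sha1((salt + created_on + password).encode()).hexdigest()


def table_lookup(digest):
    """Return the password if the digest is in the precomputed table, else None."""
    return PRECOMPUTED.get(digest)


def new_record(password, iterations=100_000):
    """Store a password as (random salt, PBKDF2-HMAC-SHA256 hex digest)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest.hex()


def verify(password, salt, stored_hex, iterations=100_000):
    """Recompute the derivation and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(digest.hex(), stored_hex)


if __name__ == "__main__":
    # Constructed account values for the demonstration.
    print("unsalted lookup:", table_lookup(unsalted_hash("abc")))
    print("salted lookup:  ", table_lookup(salted_hash("abc", "x9f2", "2010-02-10")))
    salt, stored = new_record("abc")
    print("verify correct: ", verify("abc", salt, stored))
    print("verify wrong:   ", verify("abd", salt, stored))
```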




