The "next big thing" is already here in the form of algorithms like bcrypt that allow
the complexity ("amount of work for hashing") to be increased over time.
Generally, hashing algorithms from the SHA family and other "fast" algorithms should be avoided.
Speed for password hashing is actually a bad thing as this allows an attacker to try more combinations in less time.
For things like file hashing, MD5/SHA1 etc. can still be used, but please do not use them for password hashing
or anywhere else where security is a concern!
MD5 and password store
Re: MD5 and password store
Blog: Why Does It Suck? (http://whydoesitsuck.com/)
"You can disagree with me as much as you want, but during this talk, by definition, anybody who disagrees is stupid and ugly."
- Linus Torvalds
Re: MD5 and password store
Yep folks, this is all clear!
But again, I will ask you all:
What is the way to brute-force this sample without knowing the salt?
I myself have used only SHA3 for a long time, since before it came with PB540
But that is not the reason; the reason is that you cannot brute-force this sample, or whatever, without a known salt
So if you know the salt, you must make your own dictionary attack; rainbow tables for MD5 do not work here
It is so simple; there are a lot of things everybody can do against table attacks, not only a 'stupid' salt
And a good password must not be a simple word
Each programmer who creates rainbow-table-sensitive hashes has, I think, not understood simple things
It is more than a lot of work to break a cleverly created MD5 password hash, I think....
And further, I think nobody can do this

Code:
EnableExplicit
UseMD5Fingerprint()
#salt$="86349c23q03457t5&(%)=/?=/()/%$%§?(/§"
Define password$="Your Password"
Define resulted_string$=password$+#salt$
Define hash$=Fingerprint(@resulted_string$, StringByteLength(resulted_string$), #PB_Cipher_MD5)
Debug hash$
Last edited by walbus on Tue Oct 11, 2016 4:11 pm, edited 1 time in total.
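
As an added example (not code from any post in this thread): the adjustable work factor mentioned earlier in the thread, next to the fixed-salt MD5 scheme from the sample above. It uses PBKDF2-HMAC-SHA256 from Python's standard library in place of bcrypt, which the standard library lacks; the salt value, record format, function names and iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

FIXED_SALT = b"constructed-global-salt"   # constructed value, not the thread's salt
ITERATIONS = 600_000                      # illustrative cost; raise it over time


def md5_fixed_salt(password: str) -> str:
    """Scheme of the sample above: one fast MD5 pass over password + global salt."""
    return hashlib.md5(password.encode() + FIXED_SALT).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Slow hash with a random per-password salt; cost and salt live in the record."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def _parse(record: str):
    """Split a stored record; raises ValueError on anything malformed."""
    scheme, iters, salt_hex, dk_hex = record.split("$")
    if scheme != "pbkdf2_sha256" or not 1 <= int(iters) <= 10_000_000:
        raise ValueError("unsupported record")
    return int(iters), bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)


def verify_password(password: str, record: str) -> bool:
    try:
        iterations, salt, expected = _parse(record)
    except ValueError:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(dk, expected)   # constant-time comparison


def login(password: str, record: str, iterations: int = ITERATIONS):
    """Return (ok, record_to_store); re-hash at the new cost after a good login."""
    if not verify_password(password, record):
        return False, record
    if _parse(record)[0] < iterations:
        record = hash_password(password, iterations)
    return True, record
```

With the fixed salt, two accounts that share a password store the same hash; with a per-password salt they do not, and the stored cost lets old records be upgraded at the next successful login.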
Re: MD5 and password store
Now, what we see...
It's simple to say things are bad
It's simply not ever necessary to change a password base to SHA3
Mostly it is business, not idleness...