Page 2 of 2
Re: RC4 Encryption Security
Posted: Fri Jul 30, 2010 3:50 pm
by freak
What is the benefit of hashing multiple times? Just hashing once with a sufficiently long salt should be enough to make such rainbow tables useless.
Re: RC4 Encryption Security
Posted: Fri Jul 30, 2010 4:59 pm
by nco2k
well, its kind of a trend nowadays. i already saw a server once, re-hashing its passwords up to 1000(!) times, before storing them in a database, which is of course a total overkill but oh well.
its just part of the "algorithm" and not only meant to avoid rainbow tables, but to create confusion.
but yes, you are basically right.
c ya,
nco2k
Re: RC4 Encryption Security
Posted: Fri Jul 30, 2010 5:15 pm
by freak
You know the old saying: "if one hash is good, 1000 must be better"
Re: RC4 Encryption Security
Posted: Fri Jul 30, 2010 5:29 pm
by nco2k
didnt heard that one before, but i guess they did.
c ya,
nco2k
Re: RC4 Encryption Security
Posted: Fri Jul 30, 2010 5:52 pm
by Little John
freak wrote:Btw, the flaws in MD5 (and also similar ones in SHA-1) only concern things like digital signing of documents, where the attacker wants to specifically generate two documents with different content but the same hash. Then if he gets one of them digitally signed, the signature will also be valid for his other document. For this there are very fast algorithms today, making MD5 useless for digital signing.
Hi freak,
this sounds very interesting. What algorithm (to be implemented in PB, of course) do you recommend for digital signing of documents?
Regards, Little John
Re: RC4 Encryption Security
Posted: Fri Jul 30, 2010 6:35 pm
by freak
Sorry, i don't have much knowledge in that area.