Brute forcing MD5 hashes is really only going to work if you are still
using weak passwords to begin with and just hashing them. This then works
in exactly the same way as a brute force dictionary attack on a plain
password, except they try the hashed version of the same password.
You should always allow  strong passwords and pass phrases, sadly so many
sites still do not do this.


On Thu, Mar 12, 2015 at 2:43 PM, Byron Mann <byronos...@gmail.com> wrote:

>
> Just for reference. Here's a pretty good article on how to hash properly.
>
> https://crackstation.net/hashing-security.htm
>
> Hashing is often done incorrectly, even if it's being salted you never want
> to use the same salt across the board. Simple thing is, compute power is so
> available, brute forcing MD5 hashes is fairly easy these days. I wouldn't
> even recommend using MD5 for anything secure like a hash of a password.
> Stick to that for simple things like file compares, etc.
>
> Cheers,
> ~Byron
>
>
> 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360252
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Reply via email to