On Wed, Jun 20, 2012 at 1:25 PM, Nick Edwards nick.z.edwa...@gmail.com wrote:
Hello,
I posted this to users list last week but no-one bit, so I'm trying here.
With md5crypt no longer recommended for use by its author, will Apache
soon support sha256/sha512 in basic authentication via MySQL.
On 21/06/2012 12:40, Ben Laurie wrote:
4. Use something that is hard to optimise in hardware (ideally).
And what about massive sites that need the crypto HW to manage the
concurrent logins?
Yes, you're making it harder on the hackers, but also potentially on our
users.
...Or did I just put my
On Thu, Jun 21, 2012 at 10:53 AM, Issac Goldstand mar...@beamartyr.net wrote:
On 21/06/2012 12:40, Ben Laurie wrote:
4. Use something that is hard to optimise in hardware (ideally).
And what about massive sites that need the crypto HW to manage the
concurrent logins?
I have never come across
On Thu, 2012-06-21 at 10:40 +0100, Ben Laurie wrote:
4. Use something that is hard to optimise in hardware (ideally).
5. Only hire web developers who know what they're doing, who know what
security is, and how to audit their code :)
If they cant get the database, then it wouldn't mater if
On Thu, 2012-06-21 at 10:57 +0100, Ben Laurie wrote:
On Thu, Jun 21, 2012 at 10:53 AM, Issac Goldstand mar...@beamartyr.net
wrote:
On 21/06/2012 12:40, Ben Laurie wrote:
4. Use something that is hard to optimise in hardware (ideally).
And what about massive sites that need the crypto HW
* Reindl Harald wrote:
i only needed to point out that weakhash(weakhash(weakhash()))
does not result in stronghash() no matter how often you wrap
I'm not sure, why the topic drifted there anyway. md5crypt does not actually
nest hashes like this.
nd
--
package
Hi Stefan,
On 6/21/12, Stefan Fritsch s...@sfritsch.de wrote:
On Wed, 20 Jun 2012, Nick Edwards wrote:
I posted this to users list last week but no-one bit, so I'm trying here.
With md5crypt no longer recommended for use by its author, will Apache
soon support sha256/sha512 in basic
On Wed, 20 Jun 2012, Nick Edwards wrote:
I posted this to users list last week but no-one bit, so I'm trying here.
With md5crypt no longer recommended for use by its author, will Apache
soon support sha256/sha512 in basic authentication via MySQL.
Note that it does not really matter that much
Am 20.06.2012 22:52, schrieb Stefan Fritsch:
On Wed, 20 Jun 2012, Nick Edwards wrote:
I posted this to users list last week but no-one bit, so I'm trying here.
With md5crypt no longer recommended for use by its author, will Apache
soon support sha256/sha512 in basic authentication via
Am 20.06.2012 23:19, schrieb Reindl Harald:
Am 20.06.2012 22:52, schrieb Stefan Fritsch:
On Wed, 20 Jun 2012, Nick Edwards wrote:
I posted this to users list last week but no-one bit, so I'm trying here.
With md5crypt no longer recommended for use by its author, will Apache
soon
On Wednesday 20 June 2012, Reindl Harald wrote:
Am 20.06.2012 23:19, schrieb Reindl Harald:
Am 20.06.2012 22:52, schrieb Stefan Fritsch:
On Wed, 20 Jun 2012, Nick Edwards wrote:
I posted this to users list last week but no-one bit, so I'm
trying here.
With md5crypt no longer
Am 20.06.2012 23:52, schrieb Stefan Fritsch:
you do not need the original password!
you only need a hash-collision and can leave out
special chars completly to find one
You need a password that gives the same value after 1000 rounds of
md5(password md5(password md5(password ...))). This
On Wednesday 20 June 2012, Reindl Harald wrote:
there is a reason why even the developer of md5crypt
saw the need for a offical statement that md5crypt
should never again be considered as secure in any case!
http://phk.freebsd.dk/sagas/md5crypt_eol.html
Follow the link in his statement:
Am 21.06.2012 00:14, schrieb Stefan Fritsch:
On Wednesday 20 June 2012, Reindl Harald wrote:
there is a reason why even the developer of md5crypt
saw the need for a offical statement that md5crypt
should never again be considered as secure in any case!
On Wed, 2012-06-20 at 22:52 +0200, Stefan Fritsch wrote:
On Wed, 20 Jun 2012, Nick Edwards wrote:
I posted this to users list last week but no-one bit, so I'm trying here.
With md5crypt no longer recommended for use by its author, will Apache
soon support sha256/sha512 in basic
15 matches
Mail list logo