2008/11/28 Andy Gale <[EMAIL PROTECTED]>:
> On Fri, Nov 28, 2008 at 12:30 AM, Lyle <[EMAIL PROTECTED]> wrote:
>
>> I'm wondering if MD5 is the best way to go? I know Max was talking about
>> encryption at the last meet...
>

I'm still only messing with RSA so... How secure does your application need to be? Can you set up secure keys on both machines? I'll guess not, as you need it to work with JavaScript (unless JScript is different).

> Now that MD5 is considered partially insecure[1], I'd recommend using
> SHA1. Also, I'd suggest you use a salt [2] in the key you are trying
> to generate. The salt being basically a random string.
>

SHA1 also has mathematical weaknesses, although MD5 is weaker. The use of a salt, as described below, removes the possibility of a brute force attack (theoretically).

> md5(id . password) is relatively easy to break with brute force (by
> just trying all numbers and words, etc) while sha1(id . random_string
> . password) is an order of magnitude more secure.
>
> Cheers
>

So basically it's a balance between being supported (I don't know about anything Windows atm) and being secure (using RSA keys to encrypt using another symmetric algorithm, because RSA is about 1000 times slower than a symmetric algo).

Max

_______________________________________________
BristolBathPM mailing list
[email protected]
http://mailman.bristolbath.org/mailman/listinfo/bristolbathpm
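
The two constructions compared in this thread, md5(id . password) and sha1(id . random_string . password), as an added example in JavaScript for Node.js (not code from any poster on the list). It assumes the random string is generated per record and stored beside the digest; the function names, sample id and word list are constructed for illustration.

```javascript
// Added example, not from the thread. All names and sample data are constructed.
const nodeCrypto = require('crypto');

// Hex digest of the concatenated parts, mirroring the thread's "a . b . c".
function digest(algo, ...parts) {
  return nodeCrypto.createHash(algo).update(parts.join(''), 'utf8').digest('hex');
}

// The two constructions compared in the thread.
const unsaltedToken = (id, password) => digest('md5', id, password);
const saltedToken = (id, salt, password) => digest('sha1', id, salt, password);

// Assumption: 16 random bytes per record, stored next to the digest.
function newSalt() {
  return nodeCrypto.randomBytes(16).toString('hex');
}

function createRecord(id, password) {
  const salt = newSalt();
  return { id, salt, token: saltedToken(id, salt, password) };
}

// Recompute with the stored salt and compare in constant time.
function verify(record, password) {
  const expected = Buffer.from(record.token, 'hex');
  const actual = Buffer.from(saltedToken(record.id, record.salt, password), 'hex');
  return expected.length === actual.length && nodeCrypto.timingSafeEqual(expected, actual);
}

// Audit helper: a digest-to-word table computed once, with no salt in it.
function precomputedTable(algo, id, words) {
  return new Map(words.map((w) => [digest(algo, id, w), w]));
}

const WORDS = ['letmein', 'password', 'bristol']; // constructed word list
const ID = '42';                                  // constructed id
const record = createRecord(ID, 'bristol');

function demo() {
  return {
    // The table matches the unsalted digest and returns the word.
    unsaltedHit: precomputedTable('md5', ID, WORDS).get(unsaltedToken(ID, 'bristol')),
    // The same kind of table finds nothing once a random salt is mixed in.
    saltedHit: precomputedTable('sha1', ID, WORDS).get(record.token),
    // Same id and password, new salt: the stored digests differ.
    repeatsToken: createRecord(ID, 'bristol').token === record.token,
    verifies: verify(record, 'bristol'),
  };
}

console.log(demo());
```

The salt stops a table computed in advance from being reused against the stored digest; MD5 and SHA1 are still fast to compute, so the strength of the password itself continues to matter.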
