> -----Original Message----- > From: Kerry [mailto:[EMAIL PROTECTED] > Sent: Tuesday, November 29, 2005 1:14 PM > To: CF-Talk > Subject: RE: pseudo-memory leak > > FYI, hashing something doesnt mean that it cant be extracted, why just the > other day my little 2Ghz workstation extracted a 5 character password from > a > hash in about 5 minutes...
Actually it does - mostly because hashes aren't unique to the value. You might have been lucky and "extracted" the same value, but MANY values would end up with the same hash value. So in a security sense the point is not to find the original value but to find ANY value which results in the same hash. This kind of thing is also why a lot of people use "salt" in their algorithms: longer origin strings are harder to find matches for. Jim Davis ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:225597 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
