> On Friday 09 Mar 2007, Paul Vernon wrote:
> > If you discover the password, then in many cases, you have the keys to
> > the kingdom and although MD5 is stronger than plain text storage and
> > would deter the casual hack, it is now known to be flawed and
> > computing power these days means this flaw is more exploitable than ever.
>
> SHA won't save you here.

Did I say it would?

> And the new hashing standard from the folks who ran the AES
> contest is about a decade away :-)

That being the case, all the more reason to employ security in depth to secure your systems. Hash your passwords, encrypt your data, hash the hashes with alternate algorithms and store those instead of straight hashes, employ IDS, firewalls, AV, logging, SSL, IP/SEC...

Going a bit OT now...

I don't really care which bits of tech you choose to use, the point is that security of your passwords should be a consideration, but not the *only* one and if you are only relying on one technology to secure your systems, you might as well not bother as I think I'm right in saying that every technology I've mentioned has been known to have a flaw in some way or another at some point in time but not all of the technologies have been known to be flawed *at the same time*.

Before anyone jumps on that statement, I am aware that every one of those technologies could still have undiscovered flaws and because of that, technically it would be possible to hack a very well protected system. All I can say to that is that it's all about the numbers, the more layers of security, the less chance of a hack happening. No system or algorithm should ever be considered 100% safe.

Paul

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:272162

