On 6/11/2008 at 12:17 p.m. Harvey Kane wrote:

>The main purpose of salting is to prevent people from using MD5 
>dictionaries to find passwords. The online hash dictionaries available 
>are actually pretty damn effective on weak-medium passwords.

        Or you just run the password through MD5, then run the resulting hash 
through again... even again... or again!

        I'd like to see an MD5 dictionary that shows what a common word looks 
like after a double/triple/quad-hashing loop.

        Then again, there's always the SHA variants to consider... and the 
nightmare for crackers that could be built by combining the two... pw -> MD5 -> 
SHA-1 -> MD5 -> store in dbase...

>Nobody intentionally leaves backups lying around, but cockups happen every 
>day. It's nice to put some protection in place in case you make a cockup 
>(for example I put my admin pages into robots.txt on the off chance there 
>is a cockup with the login script)

        ...and adding:

        Disallow: /*.zip$
        Disallow: /*.gz$
        Disallow: /*.tar$

        ...as applicable in there as well?




---
Karl
Senior Account Manager
www.KIWIreviews.co.nz ... Where Your Views Count
NZ PHP Users Group: http://groups.google.com/group/nzphpug
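
Added example, not part of the original message or of anyone's code in this thread: it compares the unsalted pw -> MD5 -> SHA-1 -> MD5 chain with a per-user salted hash, checking whether two accounts with the same password end up with the same stored value and whether a table precomputed once over a wordlist matches it. Function names, the sample wordlist and accounts are constructed; feeding the hex digest into each next step and using PBKDF2-HMAC-SHA256 for the salted side are assumptions.

```python
import hashlib
import hmac
import os

def chained_hash(password):
    """Unsalted chain from the message: pw -> MD5 -> SHA-1 -> MD5.
    Assumption: each step hashes the previous step's hex digest."""
    h = hashlib.md5(password.encode()).hexdigest()
    h = hashlib.sha1(h.encode()).hexdigest()
    return hashlib.md5(h.encode()).hexdigest()

def build_table(words):
    """Map chain output -> word. Built once, it applies to every stored
    hash, because the chain has no per-user input."""
    return {chained_hash(w): w for w in words}

def salted_hash(password, salt=None, rounds=100_000):
    """Per-user random salt with PBKDF2-HMAC-SHA256 (a swapped-in
    technique for illustration, not something proposed in the thread)."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)

def verify(password, salt, stored, rounds=100_000):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = salted_hash(password, salt, rounds)
    return hmac.compare_digest(candidate, stored)

def demo():
    words = ["password", "letmein", "dragon"]        # constructed wordlist
    users = {"alice": "letmein", "bob": "letmein"}   # constructed accounts
    table = build_table(words)
    chained = {u: chained_hash(p) for u, p in users.items()}
    salted = {u: salted_hash(p) for u, p in users.items()}
    return {
        "chain_same_for_both": chained["alice"] == chained["bob"],
        "chain_found_in_table": table.get(chained["alice"]),
        "salted_same_for_both": salted["alice"][1] == salted["bob"][1],
        "salted_verifies": verify("letmein", *salted["alice"]),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
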