On 6/11/2008 at 6:01 p.m. James McGlinn wrote:

>Hi Karl,
>How is double md5 hashing your string any more secure than hashing it  
>once?  Other than your attacker having to compare your database with a  
>double hashed rainbow table instead of a single hashed table of course  
>(which would be trivial)...

        OK, trivial being a relative term, I'll give you that... but it would 
remove the effectiveness of such tools as the MD5 Dictionary and variants...

        And it might slow down a hacker plenty if you combine SHA-variant with 
MD5...

>It strikes me you've just increased your chance of hash collisions for  
>no significant increase in security.

        Again, will give you that, only in so far as it is a relative 
assessment.

        ps.

        Aaron: And what's wrong with 'Hackish' if it works? Improvisation is 
the heart of creativity.

        Berend: OK, maybe not 100% unbeatable... but perhaps 97% annoying for 
the hackers... enough that they would sod off and leave us alone... Even a yard 
full of pitbulls won't stop a determined burglar, but it'll sure deter the 
neighbourhood delinquents...



---
Karl
Senior Account Manager
www.KIWIreviews.co.nz ... Where Your Views Count


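The disagreement in this exchange, shown as an added example that is not part of the original email: an unsalted double MD5 is still deterministic, so a single precomputed table covers every account, while a per-user salt with a slow KDF removes that shortcut. The word list, account names and the choice of PBKDF2-HMAC-SHA256 are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny word list and two accounts sharing a password.
WORDLIST = ["letmein", "password", "kiwi2008", "qwerty"]
ACCOUNTS = {"alice": "kiwi2008", "bob": "kiwi2008"}


def md5_hex(data: str) -> str:
    return hashlib.md5(data.encode()).hexdigest()


def double_md5(password: str) -> str:
    """md5 of the hex digest of md5, as PHP's md5(md5($pw)) would compute."""
    return md5_hex(md5_hex(password))


def precomputed_table(words):
    """One table, built once, maps every double-MD5 digest back to its word."""
    return {double_md5(w): w for w in words}


def salted_hash(password: str, salt: bytes, rounds: int = 200_000) -> bytes:
    """Per-user salt plus a deliberately slow KDF (assumed: PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)


def verify(password: str, salt: bytes, stored: bytes) -> bool:
    return hmac.compare_digest(salted_hash(password, salt), stored)


def audit():
    """Return what a leaked copy of each credential column would reveal."""
    unsalted = {user: double_md5(pw) for user, pw in ACCOUNTS.items()}
    table = precomputed_table(WORDLIST)
    recovered = {user: table.get(digest) for user, digest in unsalted.items()}
    salted = {}
    for user, pw in ACCOUNTS.items():
        salt = os.urandom(16)  # unique per account, stored beside the hash
        salted[user] = (salt, salted_hash(pw, salt))
    return unsalted, recovered, salted


if __name__ == "__main__":
    unsalted, recovered, salted = audit()
    print("double MD5 digests identical:", unsalted["alice"] == unsalted["bob"])
    print("resolved by one shared table:", recovered)
    print("salted digests identical:", salted["alice"][1] == salted["bob"][1])
```
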