The problem with 'Hackish' is that this thread calls for 'best practice'... :-)
On 6/11/2008, at 6:58 PM, Karl wrote:
>
> On 6/11/2008 at 6:01 p.m. James McGlinn wrote:
>
>> Hi Karl,
>> How is double md5 hashing your string any more secure than hashing it
>> once? Other than your attacker having to compare your database with a
>> double hashed rainbow table instead of a single hashed table of course
>> (which would be trivial)...
>
> OK, trivial being a relative term, I'll give you that... but it
> would remove the effectiveness of such tools as the MD5 Dictionary
> and variants...
>
> And it might slow down a hacker plenty if you combine SHA-variant
> with MD5...
>
>> It strikes me you've just increased your chance of hash collisions for
>> no significant increase in security.
>
> Again, will give you that, only in so far as it is a relative
> assessment.
>
> ps.
>
> Aaron: And what's wrong with 'Hackish' if it works? Improvisation
> is the heart of creativity.
>
> Berend: OK, maybe not 100% unbeatable... but perhaps 97% annoying
> for the hackers... enough that they would sod off and leave us
> alone... Even a yard full of pitbulls won't stop a determined
> burglar, but it'll sure deter the neighbourhood delinquents...

NZ PHP Users Group: http://groups.google.com/group/nzphpug
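The point argued in the thread above, as an added illustration that is not code from any of the posters: an unsalted double MD5 is still a fixed function of the password, so one precomputed table covers every user, while a per-user salt with key stretching does not have that property. The word list, user names, iteration counts and all function names are constructed for this example, and `double_md5` assumes the PHP form `md5(md5($password))`, where the inner hex digest is what gets re-hashed.

```python
import hashlib
import hmac
import os

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def double_md5(password: str) -> str:
    # Assumed scheme from the thread: md5(md5(password)), hex digest re-hashed.
    return md5_hex(md5_hex(password.encode()).encode())

def build_table(words, scheme):
    # A precomputed lookup table costs one pass over the word list per scheme,
    # no matter how many MD5 rounds the scheme chains together.
    return {scheme(w): w for w in words}

def hash_password(password: str, iterations: int = 200_000):
    # Per-user random salt plus key stretching (PBKDF2-HMAC-SHA256).
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, dk

def verify_password(password: str, salt: bytes, iterations: int, expected: bytes) -> bool:
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(dk, expected)  # constant-time comparison

# Constructed sample data: two users who happen to share a password.
WORDS = ["letmein", "password1", "kiwi2008"]
USERS = {"alice": "kiwi2008", "bob": "kiwi2008"}

def demo():
    # Unsalted double MD5: identical passwords give identical stored values,
    # and a single table built once matches every row.
    stored = {u: double_md5(p) for u, p in USERS.items()}
    table = build_table(WORDS, double_md5)
    recovered = {u: table.get(h) for u, h in stored.items()}

    # Salted and stretched: same password, different stored values per user,
    # so a table would have to be rebuilt per salt at 50,000 rounds per guess.
    salted = {u: hash_password(p, 50_000) for u, p in USERS.items()}
    return {
        "recovered": recovered,
        "salted_differ": salted["alice"][2] != salted["bob"][2],
        "verify_ok": verify_password("kiwi2008", *salted["alice"]),
        "verify_bad": verify_password("letmein", *salted["alice"]),
    }

if __name__ == "__main__":
    print(demo())
```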
