On Thu, May 6, 2010 at 1:15 PM, Anthony Papillion <papill...@gmail.com> wrote:
> An attacker could determine an MD5 or SHA1 password through a simple
> dictionary attack. So, in essence, the encryption is useless.

Yes, current CUDA setups can calculate a billion SHA1s per second. Dictionary attacks against salted hashes are pretty easy these days.

> My current method is to concatenate the username+password+username and
> then either MD5 or SHA1 that and store that as the password in the
> database.

This doesn't do very much. It is little more than a weak salt.

> But, really, is this any more secure to a sophisticated,
> thinking attacker?

Use bcrypt. It is tunable, so you can make it so each hash check takes .1 seconds. This makes a dictionary attack a huge pain in the ass, but your login page will still be plenty responsive.

> Perhaps the only way
> to mitigate the risk is to institute a 3 strikes policy (which pisses
> users off but is secure)

This is a DoS nightmare. I can trash your system by trying to sign in as every user incorrectly 3 times. It is also completely orthogonal to the hash choice. Hashing is so the attacker can't get the passwords if the database is compromised.

> and to then change the user's password to some
> absolutely random 50 digit gobbledygook string of characters.

This is fine if you don't want people to use your system.

-John C.

_______________________________________________
New York PHP Users Group Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
http://www.nyphp.org/Show-Participation
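An added example (not from the thread above) of the tunable bcrypt cost John describes, using PHP's built-in password_hash()/password_verify(): it picks the cost that makes one hash check take roughly 0.1 s on the machine running logins, hashes a constructed sample password, verifies it, and rehashes when the cost is later raised. The sample password and the 0.1 s target are assumptions for illustration.

```php
<?php
// Added example, not code from the original thread.
// Requires PHP >= 5.5 for password_hash() and friends.
declare(strict_types=1);

/**
 * Return the smallest bcrypt cost (PHP allows 4..31) whose hashing time
 * reaches $targetSeconds on this machine. Re-run when hardware changes,
 * since a faster box makes the same cost cheaper for an attacker too.
 */
function calibrateBcryptCost(float $targetSeconds = 0.1): int
{
    for ($cost = 10; $cost <= 31; $cost++) {
        $start = microtime(true);
        password_hash('calibration-only-password', PASSWORD_BCRYPT, ['cost' => $cost]);
        if (microtime(true) - $start >= $targetSeconds) {
            return $cost;
        }
    }
    return 31;
}

$cost = calibrateBcryptCost(0.1);
echo "Using bcrypt cost {$cost}\n";

// Constructed sample credential. bcrypt generates and embeds a random salt
// in every hash, so no username concatenation or home-made salting is needed.
$password = 'correct horse battery staple';
$stored   = password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);
echo "Stored hash (algorithm, cost and salt are embedded): {$stored}\n";

// At login: password_verify() re-derives the hash with the embedded
// parameters and compares in constant time.
$ok  = password_verify($password, $stored);
$bad = password_verify('wrong password', $stored);
echo 'Correct password accepted: ' . ($ok ? 'yes' : 'no') . "\n";
echo 'Wrong password rejected: ' . ($bad ? 'no' : 'yes') . "\n";

// Raising the cost later: detect hashes made with the old parameters and
// rehash on the next successful login, so the user table migrates over time.
$newCost = $cost + 1;
if (password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => $newCost])) {
    $stored = password_hash($password, PASSWORD_BCRYPT, ['cost' => $newCost]);
    echo "Rehashed with cost {$newCost}\n";
}
```

Each increment of the cost doubles the work for both the login page and the attacker, which is what keeps a dictionary attack expensive while a single check stays around the chosen budget.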