Hi everyone,

> On 08 Nov 2015, at 00:08, Mark Wardle <m...@wardle.org> wrote:
>
> I’m using http://www.jasypt.org <http://www.jasypt.org/>

Note that jasypt seems to use a default of "1000 times MD5" on the password, which depending on who you ask is not considered that secure anymore (still better than simple hashing though of course), especially as rainbow tables and GPUs help A LOT in cracking MD5 hashes more easily. Depending on the needs an attacker might even not try to crack the hash at all but just create a password that matches the same hash (collision). At least for new systems I would advise against using that for password protection as the algorithm can be parallelized very efficiently (which is what scrypt/bcrypt try to avoid on purpose to avoid being speed-cracked on GPUs for example).

Greetings
Dennis

--
Dennis Bliefernicht • Backend Development
T +49 40 357 3001 62
dennis.blieferni...@xyrality.com
XYRALITY GmbH • Friedensallee 290 • 22763 Hamburg
www.xyrality.com <http://www.xyrality.com/>
Commercial register: Hamburg HRB 115332
Managing director: Sven Ossenbrüggen
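
The contrast raised in the message above, as an added example that is not part of the original mail and not jasypt's code: a salted "1000 times MD5" digest next to a memory-hard scrypt hash, with stored records re-hashed to scrypt on the next successful login. It goes one step beyond the mail by showing that upgrade path. The function names, the record layout, the `md5x1000` scheme tag, the scrypt cost parameters and the exact way the legacy digest chains salt and rounds are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MD5_ROUNDS = 1000                  # the "1000 times MD5" default mentioned in the mail
SCRYPT = dict(n=2**14, r=8, p=1)   # assumed cost parameters; about 16 MiB of memory per hash


def legacy_md5(password: str, salt: bytes) -> bytes:
    """Salted, iterated MD5 (simplified model of the legacy scheme, an assumption)."""
    digest = hashlib.md5(salt + password.encode()).digest()
    for _ in range(MD5_ROUNDS - 1):
        digest = hashlib.md5(digest).digest()
    return digest


def scrypt_hash(password: str, salt: bytes) -> bytes:
    """Memory-hard hash: each guess needs the full memory block, which limits GPU parallelism."""
    return hashlib.scrypt(password.encode(), salt=salt, dklen=32, **SCRYPT)


def new_record(password: str, scheme: str = "scrypt") -> dict:
    """Create a stored credential with a fresh random salt (hypothetical record layout)."""
    salt = os.urandom(16)
    fn = scrypt_hash if scheme == "scrypt" else legacy_md5
    return {"scheme": scheme, "salt": salt, "hash": fn(password, salt)}


def verify_and_upgrade(password: str, record: dict):
    """Return (ok, record). A correct login against a legacy record is re-hashed with scrypt."""
    fn = scrypt_hash if record["scheme"] == "scrypt" else legacy_md5
    # Constant-time comparison avoids leaking how many leading bytes matched.
    ok = hmac.compare_digest(fn(password, record["salt"]), record["hash"])
    if ok and record["scheme"] != "scrypt":
        record = new_record(password)   # plaintext is only available at login time
    return ok, record


if __name__ == "__main__":
    old = new_record("correct horse", scheme="md5x1000")   # constructed sample credential
    ok, upgraded = verify_and_upgrade("correct horse", old)
    print(ok, old["scheme"], "->", upgraded["scheme"])
    print(verify_and_upgrade("wrong guess", upgraded)[0])
```

A failed login returns the record unchanged, so a legacy hash is only replaced once the correct password has been presented.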