Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
Password management
Message
From
29/05/2013 00:36:36
Thomas Ganss (Online)
Main Trend
Frankfurt, Germany
 
 
To
28/05/2013 23:56:34
Gregory Adam
Belgium
General information
Forum:
ASP.NET
Category:
Other
Title:
Re: Password management
Environment versions
Environment:
VB 9.0
OS:
Windows 7
Network:
Windows 2003 Server
Database:
MS SQL Server
Application:
Web
Miscellaneous
Thread ID:
01574811
Message ID:
01575027
Views:
36
>>
>>Hmm...so it appears SHA1 is falling out of favor. SHA 2 (w/512 bit digest) is probably a better choice at this point.
>>Here's an interesting article about it:
>>http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/
>>
>>Still, it seems like maybe performing some translation or calculation on the salt before adding it to the password should help mitigate this somewhat. Just having the salt and password hash wouldn't be enough - you'd also need to know what the transform looked like on the salt (although I'd bet that if you could recover a few of them the transform would probably be easy to recover if you're not careful). Shrug - this encryption/hashing stuff is hard.
>
>
>I'm using md5 to calculate a hash of a password.

>
>I start off with the hash of the password. Then, I do a series of hashes where each new hash is done with the previous hash + a substring of the password
>The number of additional hashes depends on (1) the password length and (2) the byte value of each of the bytes modulo a number
>If you don't know how I hash, how can you crack it - I wonder


mmmh, but consider the case where the hacker has at least 1 couple of pwd and hash - his very own ? probably he'd fire up 20 or 666 new pwds just after finding an open door, to load the last entries with known data to get a chance at finding such things out ?
Previous
Next
Reply
Map
View

Click here to load this message in the networking platform