Dave Cragg wrote:

> On 13 Jun 2012, at 14:47, Richard Gaskin wrote:
>
>> MD5 has been known to be theoretically crackable for some years,
>> and this has become a reality as noted in recent news:
>>
>> MD5 password scrambler 'no longer safe' ...
>
> I've read about this, but I'm still unclear about exactly what the
> problem is. I understand that MD5 was "cracked" some years ago making
> it unsuitable for use as a checksum. (Given the original data to
> which MD5 is applied, it is possible to produce another set of data
> that will produce the same MD5 checksum.) But this didn't affect
> MD5's usefulness as a hashing method for passwords. From what I've
> read, the recent problem is not that MD5 has been cracked, but that
> it is too fast and therefore allows brute force attacks on lists of
> hashed passwords, even those that have been salted. My first thought
> was that applying MD5 twice or more times would perhaps increase its
> security, but nowhere do I see this suggested as a solution. If
> anyone can add any information or point out my probable
> misunderstanding, I'd be very grateful.

I'm certainly no expert on hashing. I just do what I can to follow those who claim to know. The general feeling I get is that sha1 is considered a better choice than MD5, and since both are equally easy to use in LiveCode it makes no difference to me but somehow I sleep better.
Maybe it's like keeping the CGI engine in the root folder outside of the web directory - a friend of mine says it's like the subtle difference between quiche and egg pie.
:)

--
 Richard Gaskin
 Fourth World
 LiveCode training and consulting: http://www.fourthworld.com
 Webzine for LiveCode developers: http://www.LiveCodeJournal.com
 Follow me on Twitter: http://twitter.com/FourthWorldSys
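
An added example, not part of this thread and not LiveCode: the quoted question about repeating the hash to slow brute force is what a standard iterated key-derivation function does, sketched here in Python with PBKDF2-HMAC-SHA256 and an upgrade-on-login path for old salted-MD5 records. The record format, function names and iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; tune to the hardware you deploy on

def hash_password(password, iterations=ITERATIONS):
    """New-style record: pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def legacy_md5_record(password, salt):
    """Old-style record (one salted MD5 pass), built only to model existing data."""
    digest = hashlib.md5(salt + password.encode()).hexdigest()
    return f"md5${salt.hex()}${digest}"

def verify_password(password, record):
    """Check a password against either record type, comparing in constant time."""
    parts = record.split("$")
    if parts[0] == "md5" and len(parts) == 3:
        salt = bytes.fromhex(parts[1])
        candidate = hashlib.md5(salt + password.encode()).hexdigest()
        return hmac.compare_digest(candidate, parts[2])
    if parts[0] == "pbkdf2_sha256" and len(parts) == 4:
        salt = bytes.fromhex(parts[2])
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(parts[1]))
        return hmac.compare_digest(dk.hex(), parts[3])
    return False  # unknown scheme: reject

def needs_rehash(record, min_iterations=ITERATIONS):
    """True for legacy records and for PBKDF2 records below the current work factor."""
    parts = record.split("$")
    return parts[0] != "pbkdf2_sha256" or int(parts[1]) < min_iterations

def login(password, record):
    """Return (ok, record_to_store); a successful login upgrades a weak record."""
    if not verify_password(password, record):
        return False, record
    if needs_rehash(record):
        record = hash_password(password)
    return True, record
```

Each guess against a new-style record costs the attacker the full iteration count, and the count stored in the record lets it be raised later without resetting passwords.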