Security Basics mailing list archives
Re: MD5-Hash of a SHA-1-Hash unsecure?
From: jason.gerfen () gmail com
Date: 5 Dec 2008 17:00:31 -0000
So your just using the md5 hash as a unique IV? It might be a bit more secure to use something like rand() for your IV. If you were really going to do that correctly you would not transmit the sha1 hash at all. You could use that sha1 hash as a private key for the user (keep it stored on their machine as it is more secure then sending it over the wire) Then generate a md5 of the sha1 (private key) and transmit that to the server as a public key which can be shared with co-workers, friends etc. To generate a secure IV, I would use some more random like rand() or something equivalent. Just my two cents. http://phpdhcpadmin.sourceforge.net
Current thread:
- MD5-Hash of a SHA-1-Hash unsecure? Andre Pawlowski (Dec 05)
- RE: MD5-Hash of a SHA-1-Hash unsecure? David Gillett (Dec 08)
- Re: MD5-Hash of a SHA-1-Hash unsecure? Andre Pawlowski (Dec 08)
- Re: MD5-Hash of a SHA-1-Hash unsecure? Alexander Klimov (Dec 08)
- <Possible follow-ups>
- Re: MD5-Hash of a SHA-1-Hash unsecure? jason . gerfen (Dec 05)
- Re: MD5-Hash of a SHA-1-Hash unsecure? Tom Ritter (Dec 08)
- Re: Re: MD5-Hash of a SHA-1-Hash unsecure? asdfs (Dec 09)
- RE: MD5-Hash of a SHA-1-Hash unsecure? David Gillett (Dec 08)