Security Basics mailing list archives
Re: Hashing passwords
From: Jennifer Wachter <jenny () recurity-labs com>
Date: Tue, 12 Jun 2012 15:51:22 +0200
I know that and you probably misread the question or my explanation was not clear enough. My question was: is hashing two or three times (without a salt) a secure method or is it as secure as hashing only one time without salt?
Oh sorry, I really misunderstood your question.
As far as I understood, it can significantly improve the security of the "clear text" passwords but, with a reaaaaaaally big hash db, you can crack it. I do agree with you when you say that it will give the same hash for same passwords, even if I hash it infinite times. So I guess that I'll have to study the security/performance effects of such a measure. Maybe one day I'll present it to the world. Thanks all for the answers. I'm really grateful.
--haZ
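An added example, not part of the thread: it compares the scheme asked about (hashing several times with no salt) against a per-user salted KDF, showing that repeated unsalted hashing still maps equal passwords to equal hashes, so one precomputed table covers every account. SHA-256, PBKDF2-HMAC-SHA256, the round counts, and the account names and passwords are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import os

def iterated_unsalted(password, rounds=3):
    """Hash `rounds` times with SHA-256 and no salt (the scheme in question)."""
    digest = password.encode()
    for _ in range(rounds):
        digest = hashlib.sha256(digest).digest()
    return digest.hex()

def salted_pbkdf2(password, salt=None, rounds=100_000):
    """Per-user random salt plus a standard iterated KDF."""
    salt = os.urandom(16) if salt is None else salt
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, derived

def verify_pbkdf2(password, salt, expected, rounds=100_000):
    """Recompute with the stored salt and compare in constant time."""
    _, derived = salted_pbkdf2(password, salt, rounds)
    return hmac.compare_digest(derived, expected)

def shared_hashes(stored):
    """Audit check: groups of accounts whose stored hash is identical."""
    groups = {}
    for user, value in stored.items():
        groups.setdefault(value, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

# Constructed sample accounts; alice and carol chose the same password.
ACCOUNTS = {"alice": "sunshine1", "bob": "c0rrect-horse", "carol": "sunshine1"}

def demo():
    unsalted = {u: iterated_unsalted(p) for u, p in ACCOUNTS.items()}
    salted = {u: salted_pbkdf2(p)[1] for u, p in ACCOUNTS.items()}
    # A table computed once matches every account in the unsalted store,
    # no matter how many unsalted rounds were applied.
    table = {iterated_unsalted(w): w for w in ("letmein", "sunshine1")}
    matched = sorted(u for u, h in unsalted.items() if h in table)
    return shared_hashes(unsalted), shared_hashes(salted), matched

if __name__ == "__main__":
    dup_unsalted, dup_salted, matched = demo()
    print("unsalted duplicates:", dup_unsalted)
    print("salted duplicates:  ", dup_salted)
    print("accounts matched by one precomputed table:", matched)
```

The extra unsalted rounds only multiply the cost of building the table once; the salt is what forces that work to be repeated per account.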