Re: Password cracking

[Jeffrey Walton <noloader () gmail com>]

On Tue, Jun 12, 2012 at 2:35 PM,  <u-turn1 () gmx de> wrote:
> In principle you take the password hash function itself as reduction function.
> You do not need to find the original password, but only some input which is
> hashed to the same value as the password.
Right, that's a collision and hence the reason MD5 has been unsuitable
for years. It only had 2^64 theoretical bits of security in this
domain, and it was eroded well below the baseline. It baffled me how
the free software world embraced it so many years after it was
shelved.

And a call to action on GNU for secure coding standards was ignored (I
wrote to the foundation personally when Savannah was hacked).

Jeff

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------