Security Basics mailing list archives
Re: Password cracking
From: Jeffrey Walton <noloader () gmail com>
Date: Tue, 12 Jun 2012 16:54:59 -0400
On Tue, Jun 12, 2012 at 2:35 PM, <u-turn1 () gmx de> wrote:
In principle you take the password hash function itself as reduction function. You do not need to find the original password, but only some input which is hashed to the same value as the password.
Right, that's a collision and hence the reason MD5 has been unsuitable for years. It only had 2^64 theoretical bits of security in this domain, and it was eroded well below the baseline. It baffled me how the free software world embraced it so many years after it was shelved. And a call to action on GNU for secure coding standards was ignored (I wrote to the foundation personally when Savannah was hacked). Jeff ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Password cracking Yuri Nahum (Jun 11)
- Re: Password cracking Alonso Caballero Quezada / ReYDeS (Jun 11)
- RE: Password cracking Greg Merideth (Jun 11)
- Re: Password cracking Jerome Athias (Jun 11)
- Re: Password cracking Peter Thomas (Jun 13)
- Re: Password cracking Jerome Athias (Jun 11)
- <Possible follow-ups>
- Re: Password cracking u-turn1 (Jun 12)
- Re: Password cracking Jeffrey Walton (Jun 12)