WebApp Sec mailing list archives
Re: Encrypted URL
From: "dreamwvr () dreamwvr com" <dreamwvr () dreamwvr com>
Date: Mon, 2 Feb 2004 10:26:53 -0700
On Mon, Feb 02, 2004 at 09:40:37AM +0000, Kenneth Peiruza wrote:
MD5 is a Hash-Resume algorithm, not a Cipher, so you can compare two codings IOT see if the result is the same, but there's no way to reverse it. So this shouldn't be usable unless you store a relation table between "$value" and its MD5 hash on the server.
Please, do not top post. It gets hard to follow the thread. Your Bang on! That is exactly my point in a previous mail that never got to the list. Since one way hashes are not reversable as long as the server knows what a UNIQUE hash means that is all that matters. That is the methodology I find works well for me. Having said that it does mean that one needs to query that .db for the meaning of each hash. However caching answers speeds results on the server side. There is the chance that someone can read what the hash means by reading the cache. Keep in mind they do have to be local which means they are already very dangerous if that is the case. The damage is already done in my opinion at that point. Regards, dreamwvr () dreamwvr com -- /* Security is a work in progress - dreamwvr */ # 48 69 65 72 6F 70 68 61 6E 74 32 # Note: To begin Journey type man afterboot,man help,man hier[.] # 66 6F 72 20 48 69 72 65 0000 0001 // "Who's Afraid of Schrodinger's Cat?" /var/(.)?mail/me \? ;-]
Current thread:
- Re: Encrypted URL, (continued)
- Re: Encrypted URL Adam Tuliper (Jan 30)
- Re: Encrypted URL Tim Greer (Jan 30)
- Re: Encrypted URL dreamwvr () dreamwvr com (Jan 30)
- RE: Encrypted URL Bryan Murphy (Jan 30)
- Re: Encrypted URL Lars Johannesen (Jan 30)
- Re: Encrypted URL B. Johannessen (Jan 30)
- Re: Encrypted URL Stephen de Vries (Jan 30)
- Re: Encrypted URL B. Johannessen (Jan 30)
- Re: Encrypted URL Michael Ströder (Feb 02)
- Re: Encrypted URL Kenneth Peiruza (Feb 02)
- Re: Encrypted URL dreamwvr () dreamwvr com (Feb 02)
- Re: Encrypted URL Stephen de Vries (Jan 30)
- Re: Encrypted URL Kenneth Peiruza (Jan 30)
- Re: Encrypted URL Ulf Härnhammar (Jan 30)
- Re: Encrypted URL Daniel Souza (Jan 30)
- Re: Encrypted URL David Wall @ Yozons, Inc. (Jan 31)
- RE: Encrypted URL Hephaestus (Jan 30)
- Re: Encrypted URL Daniel Souza (Jan 30)
- Re: Encrypted URL Fogbound Child (Jan 30)
- RE: Encrypted URL scott wood (Jan 30)
- Re: Encrypted URL Mark Curphey (Jan 30)
- Re: Encrypted URL gcb33 (Jan 31)
- RE: Encrypted URL Scovetta, Michael V (Jan 31)
(Thread continues...)