WebApp Sec mailing list archives

Re: RE: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection)

From: mike () sharecube com
Date: 17 Aug 2005 12:18:14 -0000


The MD5 thread has become confused. The post originally began as a virtual keyboard thread.

Cyrill and other posters have it correctly. Web forms (client side) have the challenge of being visible, having to 
retain the password even if for fleeting moment in time, and computing the MD5 hash.

My point is that MD5 on web pages is not about security and does not increase security in the least.

Thanks,
Mike

Current thread:

Re: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection), (continued)
- Re: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection) Noam Eppel (Aug 16)
  - Re[2]: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection) Oleg Topchiy (Aug 17)
    - Re: Re[2]: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection) Chuck (Aug 17)
    - Re: MD5 Password encoding, "straight" vs "salted" hashes Peter Watkins (Aug 17)
  - Re: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection) Thomas Chiverton (Aug 17)
- RE: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection) Cyrill Osterwalder (Aug 17)
  - RE: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection) Bond Masuda (Aug 17)
  - Re: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection) Gary Gwin (Aug 18)
    - Re: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection) Jean-Jacques Halans (Aug 22)
    - Re: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection) Serban Ghita (Aug 23)
- Re: RE: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection) mike (Aug 17)