Security Basics mailing list archives
RE: Hashing passwords
From: Dave Kleiman <dave () davekleiman com>
Date: Tue, 12 Jun 2012 13:03:18 -0500
Haz,

Do you mean to compare how salting and hash against hashing multiple times and how long it would take to brute force each?

Respectfully,

Dave Kleiman - http://www.ComputerForensicsLLC.com - http://www.DaveKleiman.com
4371 Northlake Blvd #314
Palm Beach Gardens, FL 33410
561.310.8801

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Jennifer Wachter
Sent: Tuesday, June 12, 2012 09:51
To: haZard0us
Cc: security-basics () securityfocus com
Subject: Re: Hashing passwords

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I know that and you probably misread the question or my explanation was not clear enough. My question was: is hashing two or three times (without a salt) a secure method or is it as secure as hashing only one time without salt?
Oh sorry, I really misunderstood your question.
As far as I understood, it can significantly improve the security of the "clear text" passwords but, with a reaaaaaaally big hash db, you can crack it. I do agree with you when you say that it will give the same hash for the same passwords, even if I hash it infinite times. So I guess that I'll have to study the security/performance effects of such a measure. Maybe one day I'll present it to the world.

Thanks all for the answers. I'm really grateful.

--haZ
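The point discussed in this thread (repeated unsalted hashing still gives equal passwords equal hashes) can be checked directly. The following is an added example, not part of any post in the thread; the user table is constructed, and the salted side uses PBKDF2-HMAC-SHA256 with an assumed iteration count, a scheme chosen here for illustration rather than one named by the posters.

```python
import hashlib
import hmac
import os

def iterated_unsalted(password, rounds=3):
    """SHA-256 applied `rounds` times with no salt (the scheme asked about)."""
    digest = password.encode()
    for _ in range(rounds):
        digest = hashlib.sha256(digest).digest()
    return digest.hex()

def salted_record(password, salt=None, rounds=100_000):
    """Per-user random salt plus PBKDF2-HMAC-SHA256; returns (salt, key)."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)

def verify(password, salt, stored, rounds=100_000):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, stored)

def accounts_sharing_a_hash(table):
    """Group usernames whose stored values are byte-for-byte identical."""
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

# Constructed sample data: two users happen to pick the same password.
USERS = {"alice": "sunshine1", "bob": "sunshine1", "carol": "Tr0ub4dor&3"}

def demo():
    unsalted = {u: iterated_unsalted(p) for u, p in USERS.items()}
    # Without a salt, one value computed once (for example in a precomputed
    # table) matches every account that uses that password.
    precomputed = iterated_unsalted("sunshine1")
    matched = sorted(u for u, h in unsalted.items() if h == precomputed)
    # With a per-user salt, the stored (salt, key) pairs differ even for
    # equal passwords, so no single precomputed value covers both accounts.
    salted = {}
    for user, password in USERS.items():
        salt, key = salted_record(password)
        salted[user] = (salt + key).hex()
    return (accounts_sharing_a_hash(unsalted), matched,
            accounts_sharing_a_hash(salted))

if __name__ == "__main__":
    print(demo())
```

Extra unsalted rounds multiply the cost of each guess by a constant, but the mapping from password to stored value stays the same for every user and every site using that scheme; the salt is what makes each record a separate problem.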