Encryption Algorithm
-
Hi there I am encrypting passwords to a database and wish to use the .NET framework to encrypt them. I know that MD5 and SHA-1 have been compromised. However for the purpose of passwords in a database how weak are they? If they are too weak what is another decent algorithm? Thanks Dan
-
Hi there I am encrypting passwords to a database and wish to use the .NET framework to encrypt them. I know that MD5 and SHA-1 have been compromised. However for the purpose of passwords in a database how weak are they? If they are too weak what is another decent algorithm? Thanks Dan
Hi I am David. The MD5 and SHA-1 are strong et but why risc, use SHA-2 [SHA-256,SHA-384,SHA-512], I recomen SHA-512, I have code of SHA and it is good one, but I forget the author name, if you wont code send me mail to baga_dato@yahoo.com. [C++] and See http://www.csrc.nist.gov/pki/HashWorkshop/NIST%20Statement/Burr_Apr2006.html[^] it will help you. :)
-
Hi there I am encrypting passwords to a database and wish to use the .NET framework to encrypt them. I know that MD5 and SHA-1 have been compromised. However for the purpose of passwords in a database how weak are they? If they are too weak what is another decent algorithm? Thanks Dan
You can use CRC(Cyclic redundacncy code) but that is for check . i have no idea whether it can use for encryption Subhash jain (Sundyne Technologies pvt. ltd.- 604,B wing,Trade world Lower parel Mumbai)
-
Hi there I am encrypting passwords to a database and wish to use the .NET framework to encrypt them. I know that MD5 and SHA-1 have been compromised. However for the purpose of passwords in a database how weak are they? If they are too weak what is another decent algorithm? Thanks Dan
Depends on how secure you need the password to be, if the server is resonably secure then I don't think (might be wrong) that you'll need to bother with more expensive hashes, if MD5 is slightly compromised but offers considerable performance advantages over SHA512 say then if the server's fairly secure why waste time performing all those extra calculations which are not needed?
-
Depends on how secure you need the password to be, if the server is resonably secure then I don't think (might be wrong) that you'll need to bother with more expensive hashes, if MD5 is slightly compromised but offers considerable performance advantages over SHA512 say then if the server's fairly secure why waste time performing all those extra calculations which are not needed?
-
Hi there I am encrypting passwords to a database and wish to use the .NET framework to encrypt them. I know that MD5 and SHA-1 have been compromised. However for the purpose of passwords in a database how weak are they? If they are too weak what is another decent algorithm? Thanks Dan
DanB1983 wrote:
I am encrypting passwords to a database and wish to use the .NET framework to encrypt them.
Your actually 'hashing' them.
DanB1983 wrote:
I know that MD5 and SHA-1 have been compromised. However for the purpose of passwords in a database how weak are they? If they are too weak what is another decent algorithm?
I am not sure what you think the weakness here is. For databases, you hash the password and store that. I am assuming your getting a hashed password from somewhere else and comparing that to the hash in the database. If this is the case and the hash is being transported securely than I am not sure what the concern is...
Finding Allah Surah AlHaaqa(The Reality) Surah Qaf Eid Alfitr
-
DanB1983 wrote:
I am encrypting passwords to a database and wish to use the .NET framework to encrypt them.
Your actually 'hashing' them.
DanB1983 wrote:
I know that MD5 and SHA-1 have been compromised. However for the purpose of passwords in a database how weak are they? If they are too weak what is another decent algorithm?
I am not sure what you think the weakness here is. For databases, you hash the password and store that. I am assuming your getting a hashed password from somewhere else and comparing that to the hash in the database. If this is the case and the hash is being transported securely than I am not sure what the concern is...
Finding Allah Surah AlHaaqa(The Reality) Surah Qaf Eid Alfitr
A.A. wrote:
DanB1983 wrote: I know that MD5 and SHA-1 have been compromised. However for the purpose of passwords in a database how weak are they? If they are too weak what is another decent algorithm? I am not sure what you think the weakness here is. For databases, you hash the password and store that. I am assuming your getting a hashed password from somewhere else and comparing that to the hash in the database. If this is the case and the hash is being transported securely than I am not sure what the concern is...
Improved crytopgraphic attack methods and faster CPUs are increasing the likelyhood that they'll become vulnerable to bruteforce attacks in the semi-near future. Better algorythms include the SHA variants with longer bit lengths.
-- Rules of thumb should not be taken for the whole hand.
-
A.A. wrote:
DanB1983 wrote: I know that MD5 and SHA-1 have been compromised. However for the purpose of passwords in a database how weak are they? If they are too weak what is another decent algorithm? I am not sure what you think the weakness here is. For databases, you hash the password and store that. I am assuming your getting a hashed password from somewhere else and comparing that to the hash in the database. If this is the case and the hash is being transported securely than I am not sure what the concern is...
Improved crytopgraphic attack methods and faster CPUs are increasing the likelyhood that they'll become vulnerable to bruteforce attacks in the semi-near future. Better algorythms include the SHA variants with longer bit lengths.
-- Rules of thumb should not be taken for the whole hand.
dan neely wrote:
Improved crytopgraphic attack methods and faster CPUs are increasing the likelyhood that they'll become vulnerable to bruteforce attacks in the semi-near future. Better algorythms include the SHA variants with longer bit lengths.
I am aware of this (fyi: its not so much as bruteforce as finding collisions in hashes produced by different documents) , I don't see the relevance to his problem though, because the hashes are compared on the DB side anyway.
Finding Allah Surah AlHaaqa(The Reality) Surah Qaf Eid Alfitr
-
Hi there I am encrypting passwords to a database and wish to use the .NET framework to encrypt them. I know that MD5 and SHA-1 have been compromised. However for the purpose of passwords in a database how weak are they? If they are too weak what is another decent algorithm? Thanks Dan
If you are designing the authentication protocol try this: Rmt: I want authorization Host: Use this 64-bit random number Rmt: append 64 bits to users password and run MD5/SHA-1/whatever and send hash to host Host: run same hash algorithm and compare hashes For more host side security only store hash of password. Rmt response must compute password hash (the one the host has stored) and append the 64 bits to that then run the final hash and send it off to the host. In either case someone monitoring the entire data flow learns nothing about the actual key. Replay attacks are also foiled. A similar approach would work with reasonably smart RFID chips.
-
dan neely wrote:
Improved crytopgraphic attack methods and faster CPUs are increasing the likelyhood that they'll become vulnerable to bruteforce attacks in the semi-near future. Better algorythms include the SHA variants with longer bit lengths.
I am aware of this (fyi: its not so much as bruteforce as finding collisions in hashes produced by different documents) , I don't see the relevance to his problem though, because the hashes are compared on the DB side anyway.
Finding Allah Surah AlHaaqa(The Reality) Surah Qaf Eid Alfitr
thanks: https://movied.org
-
DanB1983 wrote:
I am encrypting passwords to a database and wish to use the .NET framework to encrypt them.
Your actually 'hashing' them.
DanB1983 wrote:
I know that MD5 and SHA-1 have been compromised. However for the purpose of passwords in a database how weak are they? If they are too weak what is another decent algorithm?
I am not sure what you think the weakness here is. For databases, you hash the password and store that. I am assuming your getting a hashed password from somewhere else and comparing that to the hash in the database. If this is the case and the hash is being transported securely than I am not sure what the concern is...
Finding Allah Surah AlHaaqa(The Reality) Surah Qaf Eid Alfitr
thanks: https://movied.org
-
If you are designing the authentication protocol try this: Rmt: I want authorization Host: Use this 64-bit random number Rmt: append 64 bits to users password and run MD5/SHA-1/whatever and send hash to host Host: run same hash algorithm and compare hashes For more host side security only store hash of password. Rmt response must compute password hash (the one the host has stored) and append the 64 bits to that then run the final hash and send it off to the host. In either case someone monitoring the entire data flow learns nothing about the actual key. Replay attacks are also foiled. A similar approach would work with reasonably smart RFID chips.
thanks: https://movied.org
-
A.A. wrote:
DanB1983 wrote: I know that MD5 and SHA-1 have been compromised. However for the purpose of passwords in a database how weak are they? If they are too weak what is another decent algorithm? I am not sure what you think the weakness here is. For databases, you hash the password and store that. I am assuming your getting a hashed password from somewhere else and comparing that to the hash in the database. If this is the case and the hash is being transported securely than I am not sure what the concern is...
Improved crytopgraphic attack methods and faster CPUs are increasing the likelyhood that they'll become vulnerable to bruteforce attacks in the semi-near future. Better algorythms include the SHA variants with longer bit lengths.
-- Rules of thumb should not be taken for the whole hand.
thanks: https://movied.org
-
Depends on how secure you need the password to be, if the server is resonably secure then I don't think (might be wrong) that you'll need to bother with more expensive hashes, if MD5 is slightly compromised but offers considerable performance advantages over SHA512 say then if the server's fairly secure why waste time performing all those extra calculations which are not needed?
thanks: https://movied.org
-
Hi, It is more than correct... it is pointless to use SHA-2, 512 for Intranet database, knowing that no "elite hackers" are working in your company. I use MD5 for intranet CRM/ASM database and its speed and size is preferred. Regards
thanks: https://movied.org
-
Hi I am David. The MD5 and SHA-1 are strong et but why risc, use SHA-2 [SHA-256,SHA-384,SHA-512], I recomen SHA-512, I have code of SHA and it is good one, but I forget the author name, if you wont code send me mail to baga_dato@yahoo.com. [C++] and See http://www.csrc.nist.gov/pki/HashWorkshop/NIST%20Statement/Burr_Apr2006.html[^] it will help you. :)
thanks: https://movied.org
-
Hi there I am encrypting passwords to a database and wish to use the .NET framework to encrypt them. I know that MD5 and SHA-1 have been compromised. However for the purpose of passwords in a database how weak are they? If they are too weak what is another decent algorithm? Thanks Dan
thanks: https://movied.org
-
You can use CRC(Cyclic redundacncy code) but that is for check . i have no idea whether it can use for encryption Subhash jain (Sundyne Technologies pvt. ltd.- 604,B wing,Trade world Lower parel Mumbai)
thanks: https://movied.org