[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [glob2-devel] YOG hosting/diagnosis
From: |
Baptiste |
Subject: |
Re: [glob2-devel] YOG hosting/diagnosis |
Date: |
Sat, 16 Jul 2011 18:42:15 +0200 |
User-agent: |
Mutt/1.5.21 (2010-09-15) |
On Sat, Jul 16, 2011 at 10:51:08AM -0500, Austin H wrote:
> Having a random salt really does make it much harder to crack the
> passwords and I would highly recommend that. With a random salt they
> would have to attack each password individually rather than attacking
> them all as a group but a fixed salt will eliminate the use of rainbow
> tables.
>
> However, I am not sure of the purpose of hashing it twice. And by the
> way, please use sha256 or sha512 to avoid the collisions with sha1.
What's more, while there are rainbow tables for md5 and sha1, I don't
think there is anything serious for sha512 (such a table would be gigantic)
--
"C'est mieux, mais il y a plus cher ailleurs" :
____ _ _ _ _ ___ _
/ ___| \ | | | | | / / | (_)_ __ _ ___ __
| | _| \| | | | |/ /| | | | '_ \| | | \ \/ /
| |_| | |\ | |_| / / | |___| | | | | |_| |> <
\____|_| \_|\___/_/ |_____|_|_| |_|\__,_/_/\_\
GNU/Linux fan && Archlinux user