[pLog-svn] Salted MD5
Reto Hugi
plog at hugi.to
Mon Mar 10 07:25:18 EDT 2008
Hi Mark
I welcome your suggestion and think that this is valuable protection
against rainbow table attacks.
We already had an issue with the revealed admin password hash. This
would have been less severe with the salted md5.
Thanks for suggesting!
reto
Mark Wu wrote:
> Hi All:
>
> I plan to upgrade our password algorithm to salted MD5, take the
> following for example:
>
> sha1(md5($password) . user_defined_private_key);
>
> I will also keep an option in the LifeType admin panel for users to use the
> old MD5 way to keep compatibility.
>
> If we use the algorithm above, it is also possible to convert the old
> hashed password to the new hashed password.
>
> What do you think?
>
> http://kuza55.blogspot.com/2006/10/online-reverse-lookup-tables-for.html
>
> These kinds of online reverse lookup table sites make the MD5-only
> algorithm more dangerous.
>
> Mark
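
The conversion described in the quoted proposal, as an added example that is not part of the original thread and not LifeType code: because the new value is computed from md5($password), a stored legacy MD5 hash can be upgraded in place without knowing the password. SITE_KEY, the function names, the 'scheme' column and the sample users are assumptions made for illustration.

```php
<?php
// Added illustration. SITE_KEY stands in for the thread's
// user_defined_private_key; its value here is a constructed placeholder.
const SITE_KEY = 'example-site-key-change-me';

// Scheme from the thread: sha1(md5(password) . key).
function new_hash_from_password(string $password): string
{
    return sha1(md5($password) . SITE_KEY);
}

// Upgrade a stored legacy MD5 hash. The password itself is never needed,
// because the legacy hash is exactly the inner md5() of the new scheme.
function upgrade_legacy_hash(string $md5Hex): string
{
    return sha1(strtolower($md5Hex) . SITE_KEY);
}

// Check a login against either format. $scheme is a hypothetical per-row
// marker that lets old and new hashes coexist while the option is kept.
function verify_password(string $password, string $stored, string $scheme): bool
{
    $candidate = ($scheme === 'md5')
        ? md5($password)
        : new_hash_from_password($password);
    return hash_equals($stored, $candidate); // constant-time comparison
}

// Constructed user table as it might look before the migration.
$users = [
    'alice' => ['hash' => md5('correct horse'), 'scheme' => 'md5'],
    'bob'   => ['hash' => md5('hunter2'),       'scheme' => 'md5'],
];

// One-off migration pass over the stored hashes.
foreach ($users as $name => $row) {
    $users[$name] = [
        'hash'   => upgrade_legacy_hash($row['hash']),
        'scheme' => 'sha1-md5-key',
    ];
}

// Login with the right and the wrong password after migration.
var_dump(verify_password('hunter2', $users['bob']['hash'], $users['bob']['scheme']));
var_dump(verify_password('hunter3', $users['bob']['hash'], $users['bob']['scheme']));
// Compare the stored value with the bare MD5 that a lookup site would index.
var_dump($users['bob']['hash'] === md5('hunter2'));
```

Because the key is the same for every account, two users with the same password still end up with the same stored hash; a random per-user salt stored beside the hash avoids that.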