View Single Post
  #1   (View Single Post)  
Old 23rd June 2011
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125
Default Storing passwords in uncrackable form

From http://h-online.com/-1255576
Quote:
To prevent passwords from being extracted, web site operators usually protect their users' passwords through such cryptographic techniques as one-way hashing. For this purpose, a character string that doesn't allow any conclusions to be drawn about the actual password is derived from the password. The only way of finding out whether a password matches a hash is to rehash the password and compare the results. This method is used by the authentication systems of operating systems and web applications – and also by password crackers.

MD5 hashing was long considered sufficiently resilient for this purpose, because the time that is required to try out all possible combinations made it difficult for attackers to reconstruct a password from a hash. With a strong password, trying out all password combinations (brute force attack) using a cracker such as John the Ripper on conventional hardware used to take months, if not years. But times have changed.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote