October 24, 2007

I was just wondering if, for things like user password fields, it was possible to double md5 hash a string. There's plenty of md5 decrypters out there, just with google, but would this be practical? Would it do anything?

Last.fm Signature Overlays
October 25, 2007

It's possible, but not really necessary. Yes, it would change the hash, but as md5 becomes more and more vulnerable, it will barely slow anything down.

I like to fart silently but deadly in movie theaters
Ard Choille says (11:41 PM): I wouldn't dare tell you what to do m'dear
October 25, 2007 (Author)

So any recommendations on good hashes, password protection with db's in general?

Last.fm Signature Overlays
October 25, 2007

I know it sounds stupid, but don't allow access to your database :P That's the ONLY effective defense. And as you can tell from the recent little oops, it's VERY easy to miss something when writing a script, so ALWAYS sanitize your input. You might want to check this article out though, it's rather informative and might help you decide on an alternative: http://it.slashdot.org/article.pl?sid=0 ... 2&from=rss

I like to fart silently but deadly in movie theaters
Ard Choille says (11:41 PM): I wouldn't dare tell you what to do m'dear
October 25, 2007

"There's plenty of md5 decrypters out there"

Not strictly true. There are websites that have a list of words and their equivalent md5 hash, but there is no formula to reverse an md5 string itself.

banana = 72b302bf297a228a75730123efef7c41 (very easy for a dictionary to get)
Banana = e6f9c347672daae5a2557ae118f44a1e (capital B creates a completely new unique string)
B4n4n4 = e112e3b90b31b6c4993e71bf67c624a5 (replacing letters with numbers again creates a new string)
B4nan4z! = 452ed7e654e66d745b9470218c74755e (non dictionary word, letters and numbers with special characters '!' creates a password which is incredibly hard for an md5 database to guess at)

There is no point in double md5ing a password, just make a better password up and you'll have no problem. The reason why ppl got their passwords guessed before was because it was too easy, i.e. no numbers, all lowercase etc.

Mercifull <3 Suzi
"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12
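An added illustration, not part of any post in this thread: it shows why an unsalted hash, single or double MD5, stays open to word-list lookup, next to salted, iterated storage. The PBKDF2-HMAC-SHA256 choice, the iteration count, the function names and the word list are assumptions made for this example.

```python
import hashlib
import hmac
import os

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()

def double_md5(text: str) -> str:
    # md5(md5(x)): still deterministic, unsalted and fast to compute
    return md5_hex(md5_hex(text))

# Constructed word list standing in for the lookup sites mentioned above.
WORDLIST = ["apple", "banana", "cherry"]

def lookup(stored_hash: str, hash_fn):
    """Return the word whose hash matches, or None.

    Any unsalted scheme can be tabulated once and reused against every
    database that uses the same scheme."""
    table = {hash_fn(word): word for word in WORDLIST}
    return table.get(stored_hash)

ITERATIONS = 600_000  # assumption: tune to your hardware and current guidance

def hash_password(password: str, salt: bytes = None):
    """Salted, deliberately slow derivation; store salt and digest together."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)  # constant-time comparison

if __name__ == "__main__":
    # Doubling changes the digest but not the weakness.
    print(lookup(md5_hex("banana"), md5_hex))
    print(lookup(double_md5("banana"), double_md5))
    # Same password, different salts: the stored values no longer match,
    # so one precomputed table cannot cover two accounts.
    salt_a, hash_a = hash_password("banana")
    salt_b, hash_b = hash_password("banana")
    print(hash_a != hash_b, verify_password("banana", salt_a, hash_a))
```

A per-user salt defeats shared precomputed tables; the iteration count makes each guess expensive. A weak password is still guessable, only more slowly.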