[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 07 Jun 2005 01:42:19 -0300
From: "Alceu Rodrigues de Freitas Jr." <glasswalk3r@...oo.com.br>
To: john-users@...ts.openwall.com
Subject: Re: using John to crack MD5 password with more than
13 characters
Hello,
Solar Designer wrote:
>Denis has already provided the correct answer to this question, so
>I'll only comment on some other related issues:
>
>On Thu, Jun 02, 2005 at 12:03:33PM -0300, Alceu R. de Freitas Jr. wrote:
>
>
>>I have an web application that uses MD5 and base64
>>encoding to protect users passwords.
>>
>>
>
>MD5 (as well as SHA1, etc.) is not intended to be used for password
>hashing, and it is quite bad at that, -- unless you wrap it in a
>higher-level algorithm which implements salts and multiple iterations
>(thousands to millions, -- preferably with the number encoded along
>with the hashes).
>
>For applications written in PHP, you can use my PHP password hashing
>framework:
>
>
Thanks about your advices. My application really don't really uses PHP
but JSP. :-)
Of course I would accept any idea about different algoritms to use with
Java or Perl too.
Regards,
Alceu
____________________________________________________
Yahoo! Mail, cada vez melhor: agora com 1GB de espaço grátis! http://mail.yahoo.com.br
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux -
Powered by OpenVZ
