Date: Tue, 07 Jun 2005 01:42:19 -0300
From: "Alceu Rodrigues de Freitas Jr." <>
Subject: Re: using John to crack MD5 password with more than
 13 characters


Solar Designer wrote:

>Denis has already provided the correct answer to this question, so
>I'll only comment on some other related issues:
>On Thu, Jun 02, 2005 at 12:03:33PM -0300, Alceu R. de Freitas Jr. wrote:
>>I have a web application that uses MD5 and base64
>>encoding to protect users passwords.
>MD5 (as well as SHA1, etc.) is not intended to be used for password
>hashing, and it is quite bad at that, -- unless you wrap it in a
>higher-level algorithm which implements salts and multiple iterations
>(thousands to millions, -- preferably with the number encoded along
>with the hashes).
>For applications written in PHP, you can use my PHP password hashing
Thanks for your advice. My application doesn't really use PHP 
but JSP. :-)
Of course I would accept any idea about different algorithms to use with 
Java or Perl too.

