Posted: Tue Aug 06, 2002 4:43 pm
by Polar
Hi !

Generally no, of course :) nobody can :) But there is some strange magic in those 3 symbols - MD5 :) Everybody is trying to use it in all possible and impossible places and believes that more md5 == more protection :) Whereas:
using md5 on the client side and sending passwords across the network in md5 == storing unencrypted plain text passwords in the DB
It is easy to understand why (but, for example, I lost too much time before understanding :)
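
Added example, not part of Polar's post or the hackerhunter code: a minimal Python model of the equivalence stated above, next to a server-side salted hash for contrast. The class names, the sample account, the PBKDF2 parameters and the assumption that the second scheme runs over TLS are all choices made for this illustration.

```python
import hashlib
import hmac
import os

PASSWORD = "correct horse"  # constructed sample password

def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()

class ClientHashServer:
    """Scheme from the post: client sends md5(password), DB stores md5(password)."""
    def __init__(self):
        self.db = {}
    def register(self, user, password):
        self.db[user] = md5_hex(password)
    def login(self, user, wire_value):
        # The server only compares the received string with the stored one,
        # so the stored value itself is the credential.
        return hmac.compare_digest(self.db.get(user, ""), wire_value)

class ServerHashServer:
    """Contrast: password sent as-is (over TLS, assumed), hashed on the server."""
    def __init__(self):
        self.db = {}
    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    def register(self, user, password):
        salt = os.urandom(16)
        self.db[user] = (salt, self._kdf(password, salt))
    def login(self, user, wire_value):
        if user not in self.db:
            return False
        salt, stored = self.db[user]
        return hmac.compare_digest(stored, self._kdf(wire_value, salt))

def demo():
    a, b = ClientHashServer(), ServerHashServer()
    a.register("alice", PASSWORD)
    b.register("alice", PASSWORD)
    return {
        "a_legit": a.login("alice", md5_hex(PASSWORD)),
        # Value read from the DB (or seen on the wire) works as the password.
        "a_replay_db_value": a.login("alice", a.db["alice"]),
        "b_legit": b.login("alice", PASSWORD),
        # The stored PBKDF2 output is not accepted as a login value.
        "b_replay_db_value": b.login("alice", b.db["alice"][1].hex()),
    }

if __name__ == "__main__":
    print(demo())
```

In the first scheme the database column and the login value are the same string, which is why the post equates it with storing plain text.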

Posted: Wed Aug 07, 2002 7:29 am
by llimllib
Just another reason not to use flash for a login script:
GetURL Post Method Fails
Send using POST fails in Netscape 6.0 on Mac OS 9.x. This issue is resolved with Netscape 6.2 using Flash Player 6 r40 or later.

Posted: Wed Aug 07, 2002 9:13 am
by BDKR
Hi Polar,

I just wanted to say that I hear what you're getting at about everybody thinking that md5 is this magic thing. By itself, it's good, but what we realize is that by itself, it's not enough. But don't throw the baby out with the bath water. There are a lot of things that need to be done in conjunction with the use of md5. The amount of thought that you've put into the system as a whole is impressive! On the other hand, all I've done is focus squarely on login security and an alternative to PHP's built-in sessions.

So, you are more than 100% correct when you say that md5 is thought of too highly. It's just a start. It must be part of a system as a whole.

Later on,
BDKR

Posted: Wed Aug 07, 2002 9:16 am
by hob_goblin
also, md5 is just a simple way to encrypt, we could all use crypt() or other functions to do it... but md5 seems the most popular

Posted: Wed Aug 07, 2002 11:07 am
by BDKR
hob_goblin wrote: also, md5 is just a simple way to encrypt, we could all use crypt() or other functions to do it... but md5 seems the most popular

It's most correct to say that md5 is a hashing algorithm. Not encryption. Things like md5, sha1, sha2, and haval are great for hashing. If you are so interested, check out this page.

http://www.mirrors.wiretapped.net/secu ... y/hashes/

Of course, this is all in C, but it's interesting to look at it. Not having to define vars in php sure is nice. :twisted:

Later on,
BDKR

Posted: Wed Aug 14, 2002 5:43 pm
by Polar
Hi all!

Just want to say that beta 0.96 is available for downloading from http://polar-lights.com/hackerhunter/ and for looking inside :)