SHA-1 "cracked"
Moderator: General Moderators
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
As long as you're using decent salts, I have no major problem with people continuing to use md5() or sha1() for a while longer. However as computer processing power because more and more powerful, I would suggest moving away from the more collision prone hashes to larger hashes. Equally, the more secure a site should be, the larger a hash you should be going for.
And of course, never ever ever double hash.
And of course, never ever ever double hash.
- Kieran Huggins
- DevNet Master
- Posts: 3635
- Joined: Wed Dec 06, 2006 4:14 pm
- Location: Toronto, Canada
- Contact:
- Kieran Huggins
- DevNet Master
- Posts: 3635
- Joined: Wed Dec 06, 2006 4:14 pm
- Location: Toronto, Canada
- Contact:
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
A double hash simply decreases the entropy. I'd rather not rehash the same discussion, so have a look at the following:
viewtopic.php?t=54132
viewtopic.php?t=50944
viewtopic.php?t=49803
viewtopic.php?t=45069
viewtopic.php?t=37210
viewtopic.php?t=39096
viewtopic.php?t=54132
viewtopic.php?t=50944
viewtopic.php?t=49803
viewtopic.php?t=45069
viewtopic.php?t=37210
viewtopic.php?t=39096
- Kieran Huggins
- DevNet Master
- Posts: 3635
- Joined: Wed Dec 06, 2006 4:14 pm
- Location: Toronto, Canada
- Contact: