SHA-1 "cracked"

Ye' old general discussion board. Basically, for everything that isn't covered elsewhere. Come here to shoot the breeze, shoot your mouth off, or whatever suits your fancy.
This forum is not for asking programming related questions.

Moderator: General Moderators

User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

As long as you're using decent salts, I have no major problem with people continuing to use md5() or sha1() for a while longer. However as computer processing power because more and more powerful, I would suggest moving away from the more collision prone hashes to larger hashes. Equally, the more secure a site should be, the larger a hash you should be going for.

And of course, never ever ever double hash.
User avatar
shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia
Contact:

Post by shiznatix »

feyd wrote:And of course, never ever ever double hash.
im gonna do it just to spite you :twisted:
User avatar
Kieran Huggins
DevNet Master
Posts: 3635
Joined: Wed Dec 06, 2006 4:14 pm
Location: Toronto, Canada
Contact:

Post by Kieran Huggins »

sounds like a McDonalds breakfast upgrade...
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

feyd wrote:And of course, never ever ever double hash.
thanks for that feyd... I remember doing that a while back... because to me it seemed logical. :oops:
User avatar
Kieran Huggins
DevNet Master
Posts: 3635
Joined: Wed Dec 06, 2006 4:14 pm
Location: Toronto, Canada
Contact:

Post by Kieran Huggins »

what's the danger in a double hash?

I presume you mean hash(hash($something))
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Post by Mordred »

Or here it is as a nursery rhyme (better fit for newbie developers, eh ;) ) (last word is stressed)

Never-never ever-ever double-double hash!
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

I'm assuming it has something to do with the fact that a hash has less available characters so it's easier to predict or something? feyd... help me out here. :?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

A double hash simply decreases the entropy. I'd rather not rehash the same discussion, so have a look at the following:

viewtopic.php?t=54132
viewtopic.php?t=50944
viewtopic.php?t=49803
viewtopic.php?t=45069
viewtopic.php?t=37210
viewtopic.php?t=39096
User avatar
Kieran Huggins
DevNet Master
Posts: 3635
Joined: Wed Dec 06, 2006 4:14 pm
Location: Toronto, Canada
Contact:

Post by Kieran Huggins »

feyd wrote:...I'd rather not rehash...
8O

Isn't that what we're talking about already? rehashing?

Thanks for the links - I got it now :wink:
Post Reply