Thanks for that link Robin... yup, an interesting 'tool' that MD5 cracker...
However it failed almost every hash I threw at it that was longer than 8
chars, even common dictionary words. Not sure if it was a true 'common thread'
but I found that a hash it COULD crack became uncrackable if I took the
numerical component and placed it roughly in the middle, as opposed to start or
finish.
eg: 'niggle23' was cracked in no time flat, but 'nig23gle' was uncrackable.
I am thinking I might have to run the hashes stored in our database through
that 'tool' and those that fail get their "update your password time" flag
set... and update the page to include better advise on choosing stronger
passwords.
Does anyone know of an Apache module for SHA-256? The only one installed on
the shared server we use is SHA-1.
Cheers...
*********** REPLY SEPARATOR ***********
On 6/11/2008 at 3:18 p.m. Robin wrote:
And if you think that if your hashed (unsalted) passwords are safe take a look
at this site http://gdataonline.com/seekhash.php
Sha256 is more commonly known to be the best practice alogo
---
Karl
Senior Account Manager
www.KIWIreviews.co.nz ... Where Your Views Count
Please consider the environment before printing this email.
Supporting Palmerston North's Santa... see our Community Gold Project page:
http://www.KIWIreviews.co.nz/santa - To be seen on TVNZ's 'Mucking In' show!
--~--~---------~--~----~------------~-------~--~----~
NZ PHP Users Group: http://groups.google.com/group/nzphpug
To post, send email to [email protected]
To unsubscribe, send email to
[EMAIL PROTECTED]
-~----------~----~----~----~------~----~------~--~---
