Hence the need for salt I think. CF7's improved hashing algorithm
support could be considerdd reason enough right there to upgrade,
otherwise.
--
--mattRobertson--
Janitor, MSB Web Systems
mysecretbase.com
~|
Logware (www.logwa
> Hashes need not be 32-bit. Hashes created using MD5, the default algorithm
> used by CFMX, are 128-bit, 32 character strings. CFMX 7 supports SHA-1,
> SHA-256, SHA-384 and SHA-512 out of the box, plus you can use
> hash functions
> provided by any Java security provider you install. SHA-1 creates
> Having said that, the way I understand it, a hash is 32-bit,
> so there are finite number of possible hash values.
Hashes need not be 32-bit. Hashes created using MD5, the default algorithm
used by CFMX, are 128-bit, 32 character strings. CFMX 7 supports SHA-1,
SHA-256, SHA-384 and SHA-512 out
Dave Merrill wrote:
> Nice explanation Jim (:-)
>
> It's sometimes hard for people to understand this basic concept. That was
> the simplest, clearest, most common-sense take on hashing I've seen. I'll
> remember it if I need to go through this with a client.
I can do better:
Hashing text
> -Original Message-
> From: Justin D. Scott [mailto:[EMAIL PROTECTED]
> Sent: Sunday, May 08, 2005 1:28 PM
> To: CF-Talk
> Subject: RE: HASH() reverse
>
> > > So you might find your hash in the rainbow
> > > tables, but the original string still might
> > So you might find your hash in the rainbow
> > tables, but the original string still might not match.
>
> True, but in most cases where a hash is used, it doesn't
> matter; all you need is some string that results in the
> same hash. That'd be typical for a password system, for
> instance.
O
> So you might find your hash in the rainbow
> tables, but the original string still might not match.
True, but in most cases where a hash is used, it doesn't matter; all you
need is some string that results in the same hash. That'd be typical for a
password system, for instance.
If the original
On Sunday 08 May 2005 16:54, Robert Munn wrote:
> process. By searching the rainbow tables, you can find possible matches to
> your hashed value and so find what the original string might be.
Indeed, it's a classic time/space trade of problem.
If you use several DVD's of precomputed data, you 'bre
As others have pointed out, you can't reverse the hash(), but hackers have
started using something called rainbow tables, which are huge indexes of stored
hash values, to compare hashed values against as a shortcut in the process. By
searching the rainbow tables, you can find possible matches to
> -Original Message-
> From: Thomas Chiverton [mailto:[EMAIL PROTECTED]
> Sent: Saturday, May 07, 2005 10:25 AM
> To: CF-Talk
> Subject: Re: HASH() reverse
>
> On Saturday 07 May 2005 14:23, James Holmes wrote:
> > possible fingerprints. He showed that th
On Saturday 07 May 2005 14:23, James Holmes wrote:
> possible fingerprints. He showed that there are at least 64 billion
> fingerprints possible. Given that this is larger than the number of people
Firstly, of that space, not all possible combinations will occur.
Secondly, there have been some ver
To: CF-Talk
Subject: Re: HASH() reverse
On Saturday 07 May 2005 12:59, James Holmes wrote:
> literally though, as people's fingerprints are unique while hashes are
not.
Bzzt.
Finderprints aren't unique in any meaningful sense.
On Saturday 07 May 2005 12:59, James Holmes wrote:
> literally though, as people's fingerprints are unique while hashes are not.
Bzzt.
Finderprints aren't unique in any meaningful sense.
--
Tom Chiverton
Advanced ColdFusion Programmer
~~
o: CF-Talk
Subject: RE: HASH() reverse
> A common mistake is too think of hashes as "encryption" - they're not.
> They don't represent the source. It's better to think of a hash as a
> "Fingerprint".
>
> There is no way, using a fingerprint, to reco
> A common mistake is too think of hashes as "encryption" - they're
> not. They
> don't represent the source. It's better to think of a hash as a
> "Fingerprint".
>
> There is no way, using a fingerprint, to reconstruct the finger which made
> it. That information isn't represented by the finger
-- Original Message -
From: "Jochem van Dieten" <[EMAIL PROTECTED]>
To: "CF-Talk"
Sent: Friday, May 06, 2005 10:26 PM
Subject: Re: HASH() reverse
> Asim Manzur wrote:
> > So, it means there is no software/tool available for reversing the
> hash() value?
> >
Asim Manzur wrote:
> So, it means there is no software/tool available for reversing the hash()
> value?
> Anybody aware anything about it?
"As a particular example, a $10 million custom machine for
applying parallel collision search to the MD5 hash function could
complete an attack with an expe
> -Original Message-
> From: Asim Manzur [mailto:[EMAIL PROTECTED]
> Sent: Friday, May 06, 2005 4:45 PM
> To: CF-Talk
> Subject: Re: HASH() reverse
>
> So, it means there is no software/tool available for reversing the hash()
> value?
> Anybody aware anything
In as much seriousness as I can manage, that actually doesn't look too much
like a hash to me
> xc231vx231cx2v1x2cv132xc1v23
- Original Message -
From: "Asim Manzur" <[EMAIL PROTECTED]>
To: "CF-Talk"
Sent: Friday, May 06, 2005 9:45 PM
Subject: R
> So, it means there is no software/tool available for
> reversing the hash() value?
The availability of such a tool would nullify the value of being able to
hash in the first place - it would demonstrate that the hashing algorithm
and/or hashing process is broken and therefore useless. The entir
: HASH() reverse
So, it means there is no software/tool available for reversing the
hash() value?
Anybody aware anything about it?
is there any possiblity to reverse the hash()
I have a value 1xc231vx231cx2v1x2cv132xc1v23 thats hash, how can I
revert back into the normal text.
Thanks
Hey - that one is easy - it is 'make mine a large one' in plain text :-)
- Original Message -
From: "Asim Manzur" <[EMAIL PROTECTED]>
To: "CF-Talk"
Sent: Friday, May 06, 2005 9:31 PM
Subject: HASH() reverse
> is there any possiblity to
So, it means there is no software/tool available for reversing the hash() value?
Anybody aware anything about it?
is there any possiblity to reverse the hash()
I have a value 1xc231vx231cx2v1x2cv132xc1v23 thats hash, how can I
revert back into the normal text.
Thanks
--
Regards,
--
Regards
> is there any possiblity to reverse the hash()
> I have a value 1xc231vx231cx2v1x2cv132xc1v23 thats hash,
> how can I
> revert back into the normal text.
> Thanks
Well the idea behind hash it that it's not supposed to be reversible.
Hence it's more secure since you can only pass validation (use
> is there any possiblity to reverse the hash()
>
> I have a value 1xc231vx231cx2v1x2cv132xc1v23 thats hash, how can I
> revert back into the normal text.
The whole point of using a hash is that you cannot retrieve the original
value from the hash. You can only compare other values to the origina
is there any possiblity to reverse the hash()
I have a value 1xc231vx231cx2v1x2cv132xc1v23 thats hash, how can I
revert back into the normal text.
Thanks
--
Regards,
~|
Discover CFTicket - The leading ColdFusion Help Desk and
26 matches
Mail list logo
