I didn't look at your code, but from what I remember oplop is a silly scheme:
1. Doesn't strengthen the password (uses MD5 instead of PBKDF2, scrypt, ...)
2. No clean domain separation between username and password
3. The algorithm that ensures that the password contains numbers is really weird

Jeffrey Walton noloa...@gmail.com writes:
I'm trying to figure out why folks like Adobe (who know better and have the
resources) are still using unsalted MD5.
It's Adobe, you don't even need to go after their passwords, just convince an
employee there to click on a PDF attachment or view a Flash

Thanks.
The fact that MD5 is fast is indeed an issue I've overlooked (although I
understand this issue falls under ugly but not too dangerous, I think the
exploding tire example at crypto.se conveys how ugly it is).
The problem is that I'm specifically looking for a reasonably-secure
backward

Hi Ian,
On Mon, Nov 19, 2012 at 5:24 AM, ianG i...@iang.org wrote:
On 19/11/12 18:19 PM, Jeffrey Walton wrote:
An Adobe break-in does not surprise me.
Has anyone come across a paper on how to migrate an existing database
with, for example, unsalted MD5 hashes, to something more appropriate