On Wed, Nov 02, 2005 at 16:01:19 -0500,
"Mark R. Dingee" <[EMAIL PROTECTED]> wrote:
> Thanks Bruno. I'm using a hash so I can merge info available in the HTTPS
> header with data I store on the server so that the hash can be reconstructed
> during the validation process from the raw elements.
Thanks Bruno. I'm using a hash so I can merge info available in the HTTPS
header with data I store on the server so that the hash can be reconstructed
during the validation process from the raw elements. Tom Lane reminded me of
using random seeds similar to what you are suggesting. I think I
On Tue, Nov 01, 2005 at 17:00:50 -0500,
"Mark R. Dingee" <[EMAIL PROTECTED]> wrote:
> Bruno,
>
> I use an authenticate() function as a part of state maintenance in a PHP web
> app. In the function, I generate an encrypted token that is then used in the
> validation process on subsequent pages
"Mark R. Dingee" <[EMAIL PROTECTED]> writes:
> The script I'm using to "break" md5 presumes that the cracker knows the 3
> elements being concatenated together to form the plain-text string which is
> then passed into md5. The method I'm using then begins running through
> various permutations.
OK, you're not really "breaking" md5. If the attacker already knows
the information being encrypted, then all you're testing is the
concatenation order. Surely the information is more important than the
order? md5 is a one way hash function, and so using an alternate
algorithm will provide no benef
Mike & Tom,
The script I'm using to "break" md5 presumes that the cracker knows the 3
elements being concatenated together to form the plain-text string which is
then passed into md5. The method I'm using then begins running through
various permutations. Do you believe that the methodology is
On Tue, 2005-11-01 at 17:13 -0500, Tom Lane wrote:
> "Mark R. Dingee" <[EMAIL PROTECTED]> writes:
> > md5 works, but I've been able to
> > brute-force crack it very quickly,
>
> Really? Where's your publication of this remarkable breakthrough?
I'd say you can't bruteforce md5, unless you're ext
"Mark R. Dingee" <[EMAIL PROTECTED]> writes:
> md5 works, but I've been able to
> brute-force crack it very quickly,
Really? Where's your publication of this remarkable breakthrough?
regards, tom lane
Bruno,
I use an authenticate() function as a part of state maintenance in a PHP web
app. In the function, I generate an encrypted token that is then used in the
validation process on subsequent pages. md5 works, but I've been able to
brute-force crack it very quickly, so I'm looking for an al
I'll check it out. Thanks, Josh
On Tuesday 01 November 2005 02:49 pm, Josh Berkus wrote:
> Mark,
>
> > I'm in need of a one-way pgsql script that will take a plain-text string
> > and return an encrypted string (preferably 32 characters). I've been
> > using md5('string'), but I'm concerned it's
On Tue, Nov 01, 2005 at 14:38:05 -0500,
"Mark R. Dingee" <[EMAIL PROTECTED]> wrote:
> Everyone,
>
> I'm in need of a one-way pgsql script that will take a plain-text string and
> return an encrypted string (preferably 32 characters). I've been using
> md5('string'), but I'm concerned it's too
Mark,
> I'm in need of a one-way pgsql script that will take a plain-text string
> and return an encrypted string (preferably 32 characters). I've been
> using md5('string'), but I'm concerned it's too weak for my needs. Does
> anyone have any recommendations?
You check out pgcrypto in /contrib
Everyone,
I'm in need of a one-way pgsql script that will take a plain-text string and return an encrypted string (preferably 32 characters). I've been using md5('string'), but I'm concerned it's too weak for my needs. Does anyone have any recommendations?
Thanks,
Mark