Hello,
Hi Anthony,
MD5 and SHA1 password hashes are considered weak. You are correct that
if someone got a hold of your hashes they could use a dictionary of
common passwords to devise some of your users' passwords.
It makes me laugh a little when people say MD5 or SHA1 is weak or
broken. If it
May want to check in with these guys, Eric Raymond's group. VERY hardcore
hackers. They only emerge like once a year at DEFCON or HOPE. And hack *&^%
like this 24/7 the rest of the time. May be interested in what you are
doing. Seems to be in the same space.
>>>
Welcome to NedaNet
This is the re
_
From: talk-boun...@lists.nyphp.org [mailto:talk-boun...@lists.nyphp.org] On
Behalf Of Anthony Papillion
Sent: Thursday, May 06, 2010 11:36 AM
To: NYPHP Talk
Subject: [nyphp-talk] What's a good way to handle this?
Hello Everyone,
As some of you may know, during last year's Presi
On Thu, May 6, 2010 at 12:59 PM, Chris Snyder wrote:
> On Thu, May 6, 2010 at 12:26 PM, Anthony Wlodarski
> wrote:
> > I second, full UTF-8 is awesome down the line for internationalization.
> > First see if MySQL even supports UTF-8 on your system, execute: "SHOW
> > CHARACTER SET;" and utf8 s
On Thu, May 6, 2010 at 1:15 PM, Anthony Papillion wrote:
> So I've used encryption on a personal level and even on the server
> through SSL but I've not done much more in PHP than using either the
> MD5() or SHA1() functions on passwords. I tend to be a very paranoid
> type with user information a
On Thu, May 6, 2010 at 2:14 PM, Nicholas Ilyin wrote:
> However, appending any plaintext to your password and hashing that, such as
> SHA(username+password+username) is useless from a mathematical standpoint as
> the username is actually known to a potential hacker. The way that hash
> functions
On Thu, May 6, 2010 at 2:08 PM, John Campbell wrote:
> Use bcrypt. It is tunable so can make it so each hash check takes .1
> seconds. This makes a dictionary attack a huge pain in the ass, but
> your login page will still be plenty responsive.
>
This is excellent advice. You can also make you
Just happened to see this in my RSS feed from phpdeveloper.org...
http://www.webreference.com/programming/php/encryption_1/
Maybe relevant...
--Mike H
___
New York PHP Users Group Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/tal
Hi Anthony,
In theory, no hashing function will ever be free from brute force attacks,
but this is a matter of how long one is willing to perform a brute force
attack to find the variable (a password) in a one-way hashing function. In
practice, some hashing functions have clear security flaws whil
On Thu, May 6, 2010 at 1:15 PM, Anthony Papillion wrote:
> So I've used encryption on a personal level and even on the server
> through SSL but I've not done much more in PHP than using either the
> MD5() or SHA1() functions on passwords. I tend to be a very paranoid
> type with user information a
On Thu, May 6, 2010 at 1:15 PM, Anthony Papillion wrote:
> An attacker could determine an MD5 or SHA1 password through a simple
> dictionary attack. So, in essence, the encryption is useless.
Yes, current CUDA setups can calculate a billion SHA1's per second.
Dictionary attacks against salted has
woops sorry that's ed. precursor to vi.
http://en.wikipedia.org/wiki/Vi
On Thu, May 6, 2010 at 1:56 PM, Edward Potter wrote:
> I highly recommend u scale up from Dreamweaver, and use an editor, TextMate
> is probably the best, but zillions out there. Yes I know it works fine, but
> you will ne
I highly recommend u scale up from Dreamweaver, and use an editor, TextMate
is probably the best, but zillions out there. Yes I know it works fine, but
you will never move to Guru status with DW. Just my 2 rupee's. The leap is
pretty painless.
Grasshopper! => Guru => God => Grasshopper!
Dreamweav
On Thu, May 6, 2010 at 1:26 PM, Paul A Houle wrote:
> There's also the issue that there really is no "Unicode Sort Order" that
> entirely makes sense. For instance, languages such as German and Swedish
> sort the same characters in a different order. I'm currently working on a
> system that
Chris Snyder wrote:
Dirty secret - MySQL latin-1 tables will happily store and retrieve
utf-8 data. They won't sort it correctly, though I believe they will
sort it consistently.
So even if your MySQL was compiled without unicode support, you can
put utf-8 in and get utf-8 out.
Of course, if yo
So I've used encryption on a personal level and even on the server
through SSL but I've not done much more in PHP than using either the
MD5() or SHA1() functions on passwords. I tend to be a very paranoid
type with user information and I'm constantly thinking about
weaknesses in systems and how the
Well sometimes also you should change the page encoding to UTF-8 which I
can't modify as I know except through DreamWeaver and I wanted to know if
there is a shortcut for this process rather than opening all the project
files and modify the page properties. If anyone has an idea please provide us
wit
On Thu, May 6, 2010 at 12:26 PM, Anthony Wlodarski
wrote:
> I second, full UTF-8 is awesome down the line for internationalization.
> First see if MySQL even supports UTF-8 on your system, execute: "SHOW
> CHARACTER SET;" and utf8 should appear in the list. Then "ALTER TABLE
> tbl_name CONVERT T
I second, full UTF-8 is awesome down the line for internationalization. First
see if MySQL even supports UTF-8 on your system, execute: "SHOW CHARACTER SET;"
and utf8 should appear in the list. Then "ALTER TABLE tbl_name CONVERT TO
CHARACTER SET charset_name COLLATE collation_name;". Since
On Thu, May 6, 2010 at 11:46 AM, David Mintz wrote:
> Would this regex work if the data were utf-8? Should I consider converting
> everything and working in utf-8, and if so, how painful is it to convert a
> MySQL database? My initial research suggests that it isn't painless.
>
Full-stack utf-8
Hi Lester,
Thanks for the input. Encrypt isn't something I'd thought of. Good
point. Thanks!
Anthony
On Thu, May 6, 2010 at 10:49 AM, Lester Leong wrote:
>
> Hey Anthony,
>
> Not sure if I'm missing something but if attackers can get their hands on a
> .txt, they can get their hands on a .php
Hey Anthony,
Not sure if I'm missing something but if attackers can get their hands on a
.txt, they can get their hands on a .php and extracting the hard coded list
would be a trivial issue.
If you're shifting load to the relay level perhaps you could try two-way
encryption, since the extra overh
I don't really have a good understanding of issues around character sets,
encoding, what have you, though I am starting to work on it.
My problem involves a MySQL database and accented characters such as those
you find in Spanish and French. My web server sends a "content-type:
text/html; charset=
Hello Everyone,
As some of you may know, during last year's Presidential protests in Iran, I
developed a distributed, multi-level, Twitter proxy service called
TweetFree. For the first time in almost a year, I'm revisiting the code in
an effort to update it and make it more useful for people outsid