It's been said (e.g. [1]) that hashing passwords with two rounds of
MD5 is basically a waste of time these days, because brute-forcing
even relatively long passwords is now feasible with cheap hardware.
Indeed, you can buy software [2] which claims to be able to check 90
million MediaWiki
Tim Starling wrote:
It's been said (e.g. [1]) that hashing passwords with two rounds of
MD5 is basically a waste of time these days, because brute-forcing
even relatively long passwords is now feasible with cheap hardware.
Indeed, you can buy software [2] which claims to be able to check 90
On Wed, Aug 18, 2010 at 11:37 PM, Tim Starling tstarl...@wikimedia.org wrote:
snip
The idea I came up with is to hash the output of str_repeat(). This
increases the number of rounds of the compression function, while
avoiding tight loops in PHP code.
snip
My proposed hash function is a B-type
On 19/08/10 18:45, Daniel Kinzler wrote:
Tim Starling wrote:
It's been said (e.g. [1]) that hashing passwords with two rounds of
MD5 is basically a waste of time these days, because brute-forcing
even relatively long passwords is now feasible with cheap hardware.
Indeed, you can buy
On 19/08/10 19:02, Robert Rohde wrote:
Let me preface my comment by saying that I haven't studied WHIRLPOOL,
and the following may not apply to it at all.
However, it is known that some block cypher based hashes behave poorly
when fed repeated copies of the same block. In the worst cases
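Hi,
I have created a Netlog profile, which includes my pictures, videos, blog and events. I would very much like to invite you to become my friend and share our world together. You need to register on Netlog first! After logging in, you can also create your own profile.
Take a look:
http://zh.netlog.com/go/mailurl/-bT0xNTQ2OTM4NDcmbD0xJmdtPTM3JnU9JTJGZ28lMkZyZWdpc3RlciUyRmlkJTNEMTAzMzY3OTI3NiUyNmklM0R0OTE_
Best wishes,
杨杰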
Tim Starling wrote:
So the time has probably come for us to come up with a C type
password hashing scheme, to replace the B-type hashes that we use at
the moment.
What about using public key cryptography? Generate a key-pair and use the
public key to produce your password hashes. Store
On 20/08/10 00:12, Jonathan Leybovich wrote:
Tim Starling wrote:
So the time has probably come for us to come up with a C type
password hashing scheme, to replace the B-type hashes that we use
at the moment.
What about using public key cryptography? Generate a key-pair and
use the
http://newsarse.com/2010/08/13/if-you-can-remember-your-password-then-its-hopelessly-inadequate-warn-researchers/
Passwords suck, and people are a problem. Now, if we could distribute
RSA fobs to every editor ...
We could do a less secure, but more-secure-than-passwords alternative,
which is
2010/8/19 Daniel Kinzler dan...@brightbyte.de:
2) extra channels that include full text, diffs, etc? UDP is a limiting factor
here. Alternative transport from PHP to the bridge process?
Named pipes? Of course only if PHP can keep named pipe open in
persistent mode. I'm not sure if this is easy
Tim Starling wrote:
You don't need to store the original passwords in a recoverable form
in order to rehash them. You can just apply extra hashing to the old
hash. This is how the A-B transition worked, and it's how the B-C
transition should work too, unless someone knows of some kind of
K. Peachey p858sn...@yahoo.com.au writes:
I think you guys are experiencing the java-script load issues
Why is the mobile redirect left to Javascript? Wouldn't it be better
for all concerned if the redirect happened before any PHP was loaded?
Wouldn't it be better for those older phones with
Trevor Parscal tpars...@wikimedia.org writes:
I don't know where this landed, but I wanted to point out that system
testing might be a better name for our use of Selenium, Acceptance
testing has more of a customer is accepting a product connotation.
During our discussion last Friday,
Artur Fijałkowski wrote:
2010/8/19 Daniel Kinzler dan...@brightbyte.de:
2) extra channels that include full text, diffs, etc? UDP is a limiting
factor
here. Alternative transport from PHP to the bridge process?
Named pipes? Of course only if PHP can keep named pipe open in
persistent
On Thu, Aug 19, 2010 at 2:37 AM, Tim Starling tstarl...@wikimedia.org wrote:
The problem with the standard key strengthening algorithms, e.g.
PBKDF1, is that they are not efficient in PHP. We don't want a C
implementation of our scheme to be orders of magnitude faster than our
PHP
On Thu, Aug 19, 2010 at 10:50 AM, Ryan Lane rlan...@gmail.com wrote:
We could do a less secure, but more-secure-than-passwords
alternative,
which is to use email or SMS as a one time password device. SMS is
obviously more secure than email, but would require us to ask people
for their
On Thu, Aug 19, 2010 at 5:16 PM, Lane, Ryan
ryan.l...@ocean.navo.navy.mil wrote:
Though SMS has a number of vulnerabilities, as listed in the link, in
practical terms, it is likely to be safer than email for one time passwords.
Remember: one time passwords are used as a form of two factor
There is no point in providing options that virtually no one will use.
It wastes the effort of all the people who have to maintain the
relevant code, and it's yet more distraction on our already
way-too-bloated preferences page. And it will not be useful to anyone
when someone turns on the
People are also going to keep thinking they're clever by using fuck
as a password. Remember last time?
http://davidgerard.co.uk/notes/2007/05/07/tubgirl-is-love/
A better password algorithm will at least solve a part of the problem
that's understood. Anyone who would choose to use SMS
On Thu, Aug 19, 2010 at 5:44 PM, David Gerard dger...@gmail.com wrote:
People are also going to keep thinking they're clever by using fuck
as a password. Remember last time?
http://davidgerard.co.uk/notes/2007/05/07/tubgirl-is-love/
Admins need to be forced to use secure passwords, using some
On 20/08/10 04:18, Jonathan Leybovich wrote:
Plus I would wager that asymmetric ciphers will stand up to attacks far
longer than most hashing functions.
In a past life, I was a PhD student working on a broad military-funded
project which aimed to break all known asymmetric cryptography schemes
On 20/08/10 05:55, Aryeh Gregor wrote:
On Thu, Aug 19, 2010 at 2:37 AM, Tim Starling tstarl...@wikimedia.org wrote:
The number of WHIRLPOOL iterations is specified in the output string
as a base-2 logarithm (whimsically padded out to 3 decimal digits to
allow for future universe-sized
22 matches