Hashes, salt, and pepper
Conclusions
Hashing can organize data efficiently in memory because, ideally, an access time of O(1) is possible. Hash functions are suitable for protecting passwords provided that cryptographically secure hash functions with high collision resistance are used. However, an attacker can try to determine the original password from a hash value using rainbow tables. Only when a salt is involved does this become an unrealistic amount of overhead.
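The effect of a salt on precomputed tables, shown as an added example that is not code from the original article. It uses a plain hash-to-password lookup table in place of a real rainbow table (same idea, without the chain compression), and the candidate list, PBKDF2 parameters, and function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny candidate list standing in for the
# password space that a precomputed table would cover.
CANDIDATES = ["123456", "letmein", "qwerty", "sunshine"]

def unsalted_hash(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()

def build_lookup_table(candidates):
    """Computed once, then reusable against every unsalted hash."""
    return {unsalted_hash(p): p for p in candidates}

def salted_hash(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """PBKDF2-HMAC-SHA256 with a per-user salt (assumed parameters)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def new_record(password: str) -> dict:
    salt = os.urandom(16)  # random and unique per user, stored beside the hash
    return {"salt": salt, "hash": salted_hash(password, salt)}

def verify(password: str, record: dict) -> bool:
    candidate = salted_hash(password, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])  # constant-time compare

def demo() -> dict:
    table = build_lookup_table(CANDIDATES)
    # Unsalted: the same password always yields the same hash, so one
    # precomputed table resolves every account that uses it.
    alice_plain = unsalted_hash("letmein")
    bob_plain = unsalted_hash("letmein")
    # Salted: the same password yields unrelated hashes per user, so a table
    # would have to be rebuilt for each individual salt.
    alice = new_record("letmein")
    bob = new_record("letmein")
    return {
        "unsalted_equal": alice_plain == bob_plain,
        "unsalted_recovered": table.get(alice_plain),
        "salted_equal": alice["hash"] == bob["hash"],
        "salted_recovered": table.get(alice["hash"].hex()),
        "login_ok": verify("letmein", alice),
        "login_bad": verify("qwerty", alice),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```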