Page 1 of 2 12 LastLast
Results 1 to 15 of 19

Thread: The encryption thread

  1. #1
    Join Date
    25th January 2007 - 10:06
    Bike
    '14 Multistrada 1200S
    Location
    palmy
    Posts
    3,759

    The encryption thread

    Quote Originally Posted by imdying View Post
    The site will still have to decipher them to display them to the user, to replicate that functionality is pretty trivial
    ???

    decipher md5??

    good luck with that
    F M S

  2. #2
    Join Date
    3rd July 2003 - 12:00
    Bike
    Scorpio, XL1200N
    Location
    forests of azure
    Posts
    9,398
    Quote Originally Posted by yod View Post
    decipher md5??
    MD5's a hash function, not a block encryption algorithm.

    Quote Originally Posted by yod View Post
    good luck with that
    MD5's been effectively broken for some time - it only takes a couple of minutes to generate a collision these days. It's no longer considered suitable for security-sensitive implementations.
    kiwibiker is full of love, an disrespect.
    - mikey

  3. #3
    Join Date
    25th January 2007 - 10:06
    Bike
    '14 Multistrada 1200S
    Location
    palmy
    Posts
    3,759
    Quote Originally Posted by jrandom View Post
    MD5's a hash function, not a block encryption algorithm.



    MD5's been effectively broken for some time - it only takes a couple of minutes to generate a collision these days. It's no longer considered suitable for security-sensitive implementations.
    yeah....i know mate......but for the sake of discussion I didn't see the point in splitting hairs - for the lay man, md5 can be considered encryption - it is after all, altering the original data to disguise it's content which is the fundamental concept behind any encryption

    and it is standard practice to include a salt when using md5 these days - "if passwords are combined with a salt before the MD5 digest is generated, rainbow tables become much less useful"

    perhaps if we were talking about a WIS for a bank, a salt + md5 implementation would not be ideal but for this site I would suggest it's quite sufficient
    F M S

  4. #4
    Join Date
    3rd July 2003 - 12:00
    Bike
    Scorpio, XL1200N
    Location
    forests of azure
    Posts
    9,398
    Quote Originally Posted by yod View Post
    standard practice to include a salt...
    That prevents dictionary attacks to recover the original password (for whatever that'd be worth) but does nothing to reduce MD5's vulnerability to collisions. Salting is a valid technique to guard against exploitation of weak passwords when using an unbroken hash algorithm.

    In other words, if you store passwords as MD5 hashes, salt or no salt, and I get hold of one of those hashes, I can quickly come up with another password that generates the same hash value, and then happily log on to the account in question.

    Which obviates the purpose of storing passwords as hashes in the first place.

    Anyway, I drew the block/hash distinction because folk were speaking of MD5 being used to encrypt messages, which wouldn't be possible. Hash functions are used to identify, not to encipher.

    kiwibiker is full of love, an disrespect.
    - mikey

  5. #5
    Join Date
    25th January 2007 - 10:06
    Bike
    '14 Multistrada 1200S
    Location
    palmy
    Posts
    3,759
    Quote Originally Posted by jrandom View Post
    That prevents dictionary attacks to recover the original password (for whatever that'd be worth) but does nothing to reduce MD5's vulnerability to collisions. Salting is a valid technique to guard against exploitation of weak passwords when using an unbroken hash algorithm.

    In other words, if you store passwords as MD5 hashes, salt or no salt, and I get hold of one of those hashes, I can quickly come up with another password that generates the same hash value, and then happily log on to the account in question.

    Which obviates the purpose of storing passwords as hashes in the first place.

    Anyway, I drew the block/hash distinction because folk were speaking of MD5 being used to encrypt messages, which wouldn't be possible. Hash functions are used to identify, not to encipher.

    ... snip pic out ...
    actually i only mentioned md5 as an example - i never suggested it would be used for anything other than password hashing/encryption

    it was then taken out of context and here we are


    F M S

  6. #6
    Join Date
    3rd July 2003 - 12:00
    Bike
    Scorpio, XL1200N
    Location
    forests of azure
    Posts
    9,398
    Quote Originally Posted by yod View Post
    actually i only mentioned md5 as an example - i never suggested it would be used for anything other than password hashing/encryption
    Perhaps not, but you did imply ignorance of the fact that it's crackable, so in best KB pedantrist tradition, I thought I'd barge in with a healthy serving of entirely unnecessary detail.

    kiwibiker is full of love, an disrespect.
    - mikey

  7. #7
    Join Date
    3rd August 2006 - 19:35
    Bike
    B12
    Location
    West Auckland
    Posts
    2,800
    BLAH BLAH BLAH

    are you guys talking about porn in a secret code or something?
    Quote Originally Posted by NinjaNanna View Post
    Wasn't me officer, honest, it was that morcs guy.
    Quote Originally Posted by Littleman View Post
    Yeah I do recall, but dismissed it as being you when I saw both wheels on the ground.
    Quote Originally Posted by R6_kid View Post
    lulz, ever ridden a TL1000R? More to the point, ever ridden with teh Morcs? Didn't fink so.

  8. #8
    Join Date
    21st September 2006 - 21:35
    Bike
    Kawasaki ZX1100 Turbo
    Location
    Auckland
    Posts
    3,100
    Quote Originally Posted by Morcs View Post
    BLAH BLAH BLAH

    are you guys talking about porn in a secret code or something?
    Porn? Nah, someone mentioned hash so I reckon it's drugs.
    "Speed has never killed anyone. Suddenly becoming stationary - that's what gets you."
    Jeremy Clarkson.

    Kawasaki 200mph Club

  9. #9
    Join Date
    8th October 2007 - 14:58
    Bike
    Loud and hoony
    Location
    Now
    Posts
    3,215
    How about quantum cryptography?
    It is preferential to refrain from the utilisation of grandiose verbiage in the circumstance that your intellectualisation can be expressed using comparatively simplistic lexicological entities. (...such as the word fuck.)

    Remember your humanity, and forget the rest. - Joseph Rotblat

  10. #10
    Join Date
    21st September 2006 - 21:35
    Bike
    Kawasaki ZX1100 Turbo
    Location
    Auckland
    Posts
    3,100
    Quote Originally Posted by Mikkel View Post
    How about quantum cryptography?
    Or analysis on how such a small stool can support such a huge arse?
    Attached Thumbnails Attached Thumbnails Click image for larger version. 

Name:	ass.jpg 
Views:	22 
Size:	22.7 KB 
ID:	96606  
    "Speed has never killed anyone. Suddenly becoming stationary - that's what gets you."
    Jeremy Clarkson.

    Kawasaki 200mph Club

  11. #11
    Join Date
    2nd April 2005 - 11:58
    Bike
    .
    Location
    .
    Posts
    5,095
    HggtuGY55.mk.kkhg*goto YHk58
    They shall not grow old as we that are left grow old.
    Age shall not weary them nor the years condemn.
    At the going down of the sun and in the evening,
    we will remember them

  12. #12
    Join Date
    27th February 2005 - 08:47
    Bike
    a red heap
    Location
    towel wronger
    Posts
    6,522
    0110011101100101011001010110101101110011

  13. #13
    Join Date
    25th January 2007 - 10:06
    Bike
    '14 Multistrada 1200S
    Location
    palmy
    Posts
    3,759
    Quote Originally Posted by jrandom View Post
    I thought I'd barge in with a healthy serving of entirely unnecessary detail.

    really? I hadn't noticed.....

    F M S

  14. #14
    Join Date
    13th April 2007 - 18:26
    Bike
    06 scrambler,xrl,
    Location
    In town. Crap
    Posts
    4,155
    Blog Entries
    1
    Arrrgh, Nerds, begone from this world
    you have been good slaves to mankind, but time you all took a hike.
    (actually, I'm just jealous that it's all above my feeble ability to understand)

  15. #15
    Join Date
    28th August 2005 - 18:21
    Bike
    None, sold.
    Location
    Wellington
    Posts
    1,270
    Quote Originally Posted by yod View Post
    for the lay man, md5 can be considered encryption
    A layman's concept of encryption includes being able to get the data back out again. Usually using a hot chick in a darkened room and a pile of numbers that whizz over until (one by one) they settle on the secret combination. You can't get the data back out of md5.

    Dave
    Signature needed. Apply within.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •