
Essays on Proper Storage of Site Passwords


db90h:
I'm always a bit wary of layering stuff like this though.. all it takes is one bad hash algorithm that by accident maps all inputs into a small hash space and you are in trouble.
-mouser (June 13, 2012, 07:08 AM)
--- End quote ---

If all algorithms chosen are secure, it should be good .. real good. I am not a cryptologist or mathematician though. I think with each iteration it would grow in strength. Who knows, I may be wrong. Of course, the larger the digest size, the better.

You know what really pisses me off though, about hackers in general? It is *MUCH EASIER* to breach a site than it is to keep one secure. They think they are so smart for exploiting a site, etc... but they have the easier task in almost all cases. Of course, 99% of them are just using exploits discovered by other people, then think they are so brilliant for doing so.

Just like it is easier to DESTROY than it is to CREATE, true of everything ... same with security.

Renegade:
What I'd said above applies there for multiple and iterative processes.

The entire question is about entropy. This also goes for compression, though in a different manner.

What you want to do is to maximize entropy when encrypting (or compressing in a sense) data.

By layering on the same algorithm (or another one) you effectively increase the entropy each time you iterate the process.

So, if you want stronger encryption (assuming no exploits against the algorithm), you merely need to run it several times, or use multiple algorithms in succession.

Every time you go through the process, you increase entropy, which basically means stronger encryption.

So yes - SHA512 x 2 is stronger than SHA512 x 1. Or whatever.

IIRC - This is true for symmetric and hash encryption.

db90h:
By layering on the same algorithm (or another one) you effectively increase the entropy each time you iterate the process.
--- End quote ---

That is what I thought ;). So as long as you don't throw a malfunctional or non-secure algorithm in the sequence, e.g. one that often hashes to 0 or something, you are good ;p. Myself, I have a policy of using *only* algorithms that produce at least a 512 bit digest. The exception is, of course, the first sequence in my hash, which is SHA1, only 160 bits.

Going on about my rant on hackers ... part of the problem is how the media treats them. Calling them brilliant, etc... No, it takes brilliance to keep a server secure.

Right now, my #1 problem, and maybe mouser can sympathize, is not having the TIME to dedicate myself to constantly securing and monitoring my server. I have 10 different jobs, at least, here at my one man show, and web server admin is *definitely* a job in and of itself.
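As an added example (not code from anyone in this thread), here is a salted, layered hash chain in the shape db90h describes: SHA-1 first, then only 512-bit digests. The two 512-bit algorithms, the salt handling and the round count are my assumptions. The `chain_output_bits` helper makes mouser's "small hash space" concern measurable: the number of distinct outputs the whole chain can produce is capped by its narrowest digest, so extra rounds add work for someone guessing passwords offline, not output bits.

```python
import hashlib
import hmac
import os

# Assumed chain: SHA-1 first (as db90h states), then 512-bit digests only.
# The two 512-bit members are my choice, not the poster's.
DEFAULT_CHAIN = ("sha1", "sha512", "sha3_512")


def layered_hash(password: bytes, salt: bytes,
                 chain=DEFAULT_CHAIN, rounds: int = 1000) -> bytes:
    """Feed salt||password through every algorithm in `chain`, each digest
    into the next, and repeat the whole chain `rounds` times. The salt is
    re-mixed at every step so equal passwords under different salts never
    converge onto the same intermediate value."""
    state = salt + password
    for _ in range(rounds):
        for name in chain:
            state = hashlib.new(name, salt + state).digest()
    return state


def chain_output_bits(chain=DEFAULT_CHAIN) -> int:
    """Upper bound (in bits) on distinct final outputs. Once the data has
    passed through a 160-bit digest, at most 2**160 distinct values can
    continue down the chain, however wide the later digests are."""
    return min(hashlib.new(name).digest_size for name in chain) * 8


def make_record(password: bytes, rounds: int = 1000) -> dict:
    """Constructed storage record: random per-user salt, round count, digest."""
    salt = os.urandom(16)
    return {"salt": salt, "rounds": rounds,
            "digest": layered_hash(password, salt, rounds=rounds)}


def verify(password: bytes, record: dict) -> bool:
    """Recompute with the stored salt/rounds and compare in constant time."""
    candidate = layered_hash(password, record["salt"], rounds=record["rounds"])
    return hmac.compare_digest(candidate, record["digest"])


if __name__ == "__main__":
    rec = make_record(b"correct horse battery staple")
    print("final digest bytes:", len(rec["digest"]))           # 64 (SHA3-512)
    print("effective output space:", chain_output_bits(), "bits")  # 160
    print("verify ok:", verify(b"correct horse battery staple", rec))
```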

nudone:
... part of the problem is how the media treats them. Calling them brilliant, etc... No, it takes brilliance to keep a server secure.
-db90h (June 13, 2012, 10:36 AM)
--- End quote ---

Part of the problem is the Media knows scary stories keep people interested (however bogus they tend to be). No one wants to hear about the good news - unless it's on the level of a puppy being rescued from a mine shaft.

Stoic Joker:
... part of the problem is how the media treats them. Calling them brilliant, etc... No, it takes brilliance to keep a server secure.
-db90h (June 13, 2012, 10:36 AM)
--- End quote ---

Part of the problem is the Media knows scary stories keep people interested (however bogus they tend to be). No one wants to hear about the good news - unless it's on the level of a puppy being rescued from a mine shaft.
-nudone (June 13, 2012, 11:16 AM)
--- End quote ---

 :Thmbsup:
~ The bubble headed bleach blond comes on at 5
She can tell you about the plane crash with a gleam in her eye
Get the widow on the set, we love dirty laundry ~


-- I'm filling in for 40Hz in the song lyrics quiping department.  :D
