Comments on: Do you know how to manage your application’s passwords? http://alwaysnewmistakes.wordpress.com/2007/12/18/do-you-know-how-to-manage-your-applications-passwords/ "Fortitudine Vincimus" - Rants and thoughts of an optimist mind Tue, 24 Nov 2009 14:12:36 +0000 http://wordpress.com/ hourly 1 By: Alex Barrera http://alwaysnewmistakes.wordpress.com/2007/12/18/do-you-know-how-to-manage-your-applications-passwords/#comment-275 Alex Barrera Sat, 07 Jun 2008 11:11:13 +0000 http://alwaysnewmistakes.wordpress.com/2007/12/18/do-you-know-how-to-manage-your-applications-passwords/#comment-275 Nice! Thanks for the tip! Nice! Thanks for the tip!

]]> By: Ajo http://alwaysnewmistakes.wordpress.com/2007/12/18/do-you-know-how-to-manage-your-applications-passwords/#comment-274 Ajo Wed, 04 Jun 2008 12:21:58 +0000 http://alwaysnewmistakes.wordpress.com/2007/12/18/do-you-know-how-to-manage-your-applications-passwords/#comment-274 It seems that wordpress people have strenghtned their password systems :) http://wordpress.org/support/topic/170987 Greetings!! :) It seems that wordpress people have strenghtned their password systems :)
http://wordpress.org/support/topic/170987

Greetings!! :)

]]> By: alexbarrera http://alwaysnewmistakes.wordpress.com/2007/12/18/do-you-know-how-to-manage-your-applications-passwords/#comment-99 alexbarrera Mon, 07 Jan 2008 16:43:46 +0000 http://alwaysnewmistakes.wordpress.com/2007/12/18/do-you-know-how-to-manage-your-applications-passwords/#comment-99 I'm glad you like it :) Reading that people like what you write is priceless for me. Thanks! I’m glad you like it :) Reading that people like what you write is priceless for me. Thanks!

]]> By: OPEN GIGA http://alwaysnewmistakes.wordpress.com/2007/12/18/do-you-know-how-to-manage-your-applications-passwords/#comment-98 OPEN GIGA Mon, 07 Jan 2008 16:20:04 +0000 http://alwaysnewmistakes.wordpress.com/2007/12/18/do-you-know-how-to-manage-your-applications-passwords/#comment-98 thanks alex to share with us. thanks alex to share with us.

]]> By: Miguel Angel Ajo http://alwaysnewmistakes.wordpress.com/2007/12/18/do-you-know-how-to-manage-your-applications-passwords/#comment-80 Miguel Angel Ajo Fri, 28 Dec 2007 12:57:09 +0000 http://alwaysnewmistakes.wordpress.com/2007/12/18/do-you-know-how-to-manage-your-applications-passwords/#comment-80 Really good article. I just wanted to comment about the use of search engines for hash cracking. Like big rainbow tables, the network is filled with MD5, SHA1, SHA2 .. codes, and their original plaintext. For example, try this: md5("admin123") = 0192023a7bbd73250516f069df18b500 if you search for that on google: http://www.google.es/search?q=0192023a7bbd73250516f069df18b500 you will find admin123 on many of them. Greetings! ;) Really good article.

I just wanted to comment about the use of search engines for hash cracking. Like big rainbow tables, the network is filled with MD5, SHA1, SHA2 .. codes, and their original plaintext.

For example, try this:

md5(“admin123″) = 0192023a7bbd73250516f069df18b500

if you search for that on google: http://www.google.es/search?q=0192023a7bbd73250516f069df18b500
you will find admin123 on many of them.

Greetings! ;)

]]> By: alexbarrera http://alwaysnewmistakes.wordpress.com/2007/12/18/do-you-know-how-to-manage-your-applications-passwords/#comment-64 alexbarrera Wed, 19 Dec 2007 00:29:43 +0000 http://alwaysnewmistakes.wordpress.com/2007/12/18/do-you-know-how-to-manage-your-applications-passwords/#comment-64 Hi Alex! Nice to see you're back in business ;) You are right, with broken I meant for the use I'm giving it in the article. About the actual problems with md5, you can't craft a string that generates a known hash due to restrictions with the way the method generates collisions (and the length of the string, among others). Nevertheless, I should add *yet*. Once you demonstrate that collisions are probable, it isn't safe to use it. What is true is that it hasn't been demonstrated that starting with a hash you can "reverse" the md5 function and get the original string. I'm very happy you enjoyed the article :D Hi Alex!
Nice to see you’re back in business ;) You are right, with broken I meant for the use I’m giving it in the article. About the actual problems with md5, you can’t craft a string that generates a known hash due to restrictions with the way the method generates collisions (and the length of the string, among others). Nevertheless, I should add *yet*. Once you demonstrate that collisions are probable, it isn’t safe to use it. What is true is that it hasn’t been demonstrated that starting with a hash you can “reverse” the md5 function and get the original string.
I’m very happy you enjoyed the article :D

]]> By: Zouave http://alwaysnewmistakes.wordpress.com/2007/12/18/do-you-know-how-to-manage-your-applications-passwords/#comment-59 Zouave Tue, 18 Dec 2007 18:03:12 +0000 http://alwaysnewmistakes.wordpress.com/2007/12/18/do-you-know-how-to-manage-your-applications-passwords/#comment-59 Excellent article on security. I just want to note that while md5 is vulnerable to collisions, it has not been 'broken', in the sense that it is not possible to craft a string whose md5 hash is already known. However, it is possible to generate two strings (or two files, for that matter) with the same md5 hash. Cheers! Excellent article on security.

I just want to note that while md5 is vulnerable to collisions, it has not been ‘broken’, in the sense that it is not possible to craft a string whose md5 hash is already known. However, it is possible to generate two strings (or two files, for that matter) with the same md5 hash.

Cheers!

]]>