Topic awaiting preservation: md5 security (Page 1 of 1)

 
Moon Shadow
Paranoid (IV) Inmate

From: Paris, France
Insane since: Jan 2003

posted 02-18-2007 01:31

Hi guys,

Something has been on my mind lately and I'd like to know your opinion about it. A few weeks ago, I just stumbled upon an md5 database project at New Order.

Maybe it's old news to you, but I personally didn't know there were reverse databases already up and running. Well, this one is "only" 416Gb and has 90 billion entries... I tested it with various md5 hashes from some websites I made, and it recovered all the passwords in less than a second. Which was quite scary to me. Ok, all these passwords were plain text, but I mean... Hell, I thought md5 was quite secure.

So I went back to the source, the good old md5 manual page. Nearly every comment there was about the 'best and secure algorithm', saying the other was wrong etc.

After that, I felt a bit confused as to what was secure, and what was not. I did some more research and found the Project Rainbowcrack. I found this website to be extremely interesting, alas it also told me that anyone with enough CPU time and disk space could generate rainbow tables for nearly every hash and every charset, including md5.

So... I was back to the original problem: is there a way to generate secure md5 hashes? And by secure I mean beyond decryption.

I've thought a few days about it, and the solution I came up with was to add a salt with special characters such as alt + xxxx to the md5 string. This would be quite secure imho, but that wouldn't work if somebody included these characters in an md5 rainbow table.


I'm sure at least some of you dealt with such security issues, so I'd be interested in knowing what solution you came up with.

Also, if you have any other thoughts about that... I'd be more than happy if you shared them


PS:
I know I will probably never have the use of such secure hashes.
I know I'm kind of looking for a holy grail.
But hey I am really curious about security issues such as this one, and actually I want to know exactly how secure is what I code.

----
If wishes were fishes, we'd all cast nets.



(Edited by Moon Shadow on 02-18-2007 01:56)
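
An added example, not part of the original thread: it contrasts an unsalted md5 lookup against a precomputed table with a per-password random salt and a slow key-derivation function. The candidate list is constructed, the function names are hypothetical, and PBKDF2-HMAC-SHA256 with 600,000 iterations is an assumed work factor to tune for your hardware.

```python
import hashlib
import hmac
import os

# Constructed candidate list standing in for a large precomputed (reverse/rainbow) table.
CANDIDATES = ["letmein", "password", "qwerty", "dragon"]

def md5_hex(data):
    return hashlib.md5(data).hexdigest()

def build_table(candidates):
    """Computed once, then reusable against every unsalted md5 hash anywhere."""
    return {md5_hex(p.encode()): p for p in candidates}

def salted_md5(password, salt):
    """A random salt makes the generic table miss, but md5 stays fast to guess per hash."""
    return md5_hex(salt + password.encode())

def hash_password(password, iterations=600_000):
    """Hardened form: unique random salt per password plus a deliberately slow KDF."""
    salt = os.urandom(16)  # stored next to the hash; it is not a secret
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, derived

def verify_password(password, salt, iterations, expected):
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(derived, expected)  # constant-time comparison

if __name__ == "__main__":
    table = build_table(CANDIDATES)
    print("unsalted lookup:", table.get(md5_hex(b"letmein")))
    print("salted lookup:  ", table.get(salted_md5("letmein", os.urandom(16))))
    salt, n, stored = hash_password("letmein")
    print("verify correct: ", verify_password("letmein", salt, n, stored))
    print("verify wrong:   ", verify_password("letmeim", salt, n, stored))
```

The salt does not need unusual characters; it needs to be random and different for every stored password, so that no single precomputed table applies to more than one record.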

reisio
Paranoid (IV) Inmate

From: Florida
Insane since: Mar 2005

posted 02-18-2007 02:49
quote:
Moon Shadow said:

is there a way to generate secure md5 hashes? And by secure I mean beyond decryption.



Nothing is beyond decryption. If you don't want people to see it, don't put it in public view.

rukuartic
Bipolar (III) Inmate

From: Underneath a mountain of blankets.
Insane since: Jan 2007

posted 02-19-2007 04:33

Three can keep a secret if two are dead. Can't remember who said that.

rukuartic@halflght:~/$ whatis life
life: nothing appropriate.
