Hi guys,
Something has been on my mind lately and I'd like to know your opinion about it. A few weeks ago, I just stumbled upon a md5 database project at New Order.
Maybe it's old news to you, but I personally didn't know there were reverse databases already up and running. Well, this one is "only" 416Gb and has 90 billion entries... I tested it with various md5 hashes from some websites I made, and it recovered all the passwords in less than a second. Which was quite scary to me. Ok, all these password were plain text, but I mean... Hell, I though md5 was quite secure 
So I went back to the source, the good old md5 manual page. Nearly every comment there was about the 'best and secure algorithm', saying the other was wrong etc. 
After that, I felt a bit confused as to what was secure, and what was not. I did some more research and found the Project Rainbowcrack. I found this website to be extremely interesting, alas it also told me that anyone with enough CPU time and disk space could generate rainbow tables for nearly every hash and every charset, including md5.
So... I was back to the original problem : is there a way to generate secure md5 hashes ? And by secure I mean beyond decryption.
I've thought a few days about it, and the solution I came up with was to add a salt with special characters such as alt + xxxx to the md5 string. This would be quite secure imho, but that wouldn't work if somebody included theses characters in a md5 rainbow table.
I'm sure at least some of you dealt with such security issues, so I'd be interested in knowing what solution you came up with.
Also, if you have any other thoughts about that... I'd be more than happy if you shared them 
PS :
I know I will probably never have the use of such secure hashes.
I know I'm kind of looking for a holy grail.
But hey I am really curious about security issues such as this one, and actually I want to know exactly how secure is what I code.
----
If wishes were fishes, we'd all cast nets.
(Edited by Moon Shadow on 02-18-2007 01:56)
posted 02-18-2007 01:31
