Java-Gaming.org Hi !
Featured games (83)
games approved by the League of Dukes
Games in Showcase (513)
Games in Android Showcase (121)
games submitted by our members
Games in WIP (577)
games currently in development
News: Read the Java Gaming Resources, or peek at the official Java tutorials
 
    Home     Help   Search   Login   Register   
Pages: 1 [2]
  ignore  |  Print  
  Please don't email my password in plaintext  (Read 6320 times)
0 Members and 1 Guest are viewing this topic.
Offline Cero
« Reply #30 - Posted 2012-01-16 22:21:24 »

sha512 hasn't shown collisions, afaik
SHA512 has 512 bits (64 bytes).

Computing all hashes from all possible unique files of 65 bytes, you will find at least 256 collisions.
Computing all hashes from all possible unique files of 66 bytes, you will find at least 65536 collisions.
Computing all hashes from all possible unique files of 67 bytes, you will find at least 16777216 collisions.

I'm no security expert.
http://en.wikipedia.org/wiki/SHA-2
Quote
SHA-2 - SHA-512/384, Collisions found: none

So I thought, with everything below SHA-2, including obviously stuff like md5, collisions have been found; therefore they are insecure.

Offline OttoMeier
« Reply #31 - Posted 2012-01-16 22:23:36 »

Quote
What you need to do is salting your hash.

thats simple just use the user name.
 user name +password->hash->db  
(user name name is stored in plain text with the hashcode) in db.
I know that that sounds strange but its "secure".
Offline Riven
« League of Dukes »

JGO Overlord


Medals: 818
Projects: 4
Exp: 16 years


Hand over your head.


« Reply #32 - Posted 2012-01-16 22:24:50 »

Quote
What you need to do is salting your hash.

thats simple just use the user name.
 user name +password->hash->db  
(user name name is stored in plain text with the hashcode) in db.
I know that that sounds strange but its "secure".
It doesn't sound strange, it's "obvious".

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Games published by our own members! Check 'em out!
Legends of Yore - The Casual Retro Roguelike
Offline theagentd
« Reply #33 - Posted 2012-01-16 22:32:52 »

sha512 hasn't shown collisions, afaik
SHA512 has 512 bits (64 bytes).

Computing all hashes from all possible unique files of 65 bytes, you will find at least 256 collisions.
Computing all hashes from all possible unique files of 66 bytes, you will find at least 65536 collisions.
Computing all hashes from all possible unique files of 67 bytes, you will find at least 16777216 collisions.

I'm no security expert.
http://en.wikipedia.org/wiki/SHA-2
Quote
SHA-2 - SHA-512/384, Collisions found: none

So I thought, with everything below SHA-2, including obviously stuff like md5, collisions have been found; therefore they are insecure.
This should be obvious? >_> I mean, a 512-bit hash can only hold a certain number of different values (as many as a Java long), so it's obvious that 2 or more passwords longer than 64 bytes will end up with the same hash. If this wasn't the case then hashes could be used for file compression to compress any file to 64 bytes. Yaaaay.

Myomyomyo.
Offline Riven
« League of Dukes »

JGO Overlord


Medals: 818
Projects: 4
Exp: 16 years


Hand over your head.


« Reply #34 - Posted 2012-01-16 22:34:56 »

512-bit hash can only hold a certain number of different values (as many as a Java long)
Stare

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Offline Shazer2

Junior Duke


Medals: 3


Aspiring developer.


« Reply #35 - Posted 2012-01-16 22:52:38 »

Update or change to MyBB, much more secure. They are free and provide a merge tool.  Grin

"When you want to be successful as bad as you want to breathe, then you will be successful." - Eric Thomas
Offline ra4king

JGO Kernel


Medals: 352
Projects: 3
Exp: 5 years


I'm the King!


« Reply #36 - Posted 2012-01-16 23:04:23 »

512-bit hash can only hold a certain number of different values (as many as a Java long)
What kind of wonky math are you doing? Grin

Offline Cero
« Reply #37 - Posted 2012-01-16 23:08:44 »

file compression ?

sha are hash functions. its not RSA. you cant decrypt a hash to the original content =0

Offline ra4king

JGO Kernel


Medals: 352
Projects: 3
Exp: 5 years


I'm the King!


« Reply #38 - Posted 2012-01-16 23:32:08 »

@Cero
He meant that if there were no collisions in SHA-512 at all, then you could be able to get the original content of any file using the hash.

Offline Shane75776
« Reply #39 - Posted 2012-01-16 23:41:46 »

<OT>
@Shane75776:  Why do the (non-working) links in your signature read like they're links to malware?
</OT>
Hahaha he just failed at correctly setting up the URL tag Tongue

When you fix them, the first link gives me a 404 and the second link is to a fraud/malware "satellitedirect" site Smiley

huh thats messed up. not sure what the links are for. Must have been really old links from way back when I first
signed up for this forum.

Check out my Snipping Tool++ ! An advanced snippet/screenshot/text uploading tool! Meant to replace the windows snipping tool.

Check out Pixel Rain My most recent Swing based game!
Games published by our own members! Check 'em out!
Legends of Yore - The Casual Retro Roguelike
Offline theagentd
« Reply #40 - Posted 2012-01-16 23:57:46 »

512-bit hash can only hold a certain number of different values (as many as a Java long)
What kind of wonky math are you doing? Grin
Gah! Mixing up bits and bytes... Long = 64 bits, SHA-512 = 64 bytes. >_>

Myomyomyo.
Pages: 1 [2]
  ignore  |  Print  
 
 
You cannot reply to this message, because it is very, very old.

 

Add your game by posting it in the WIP section,
or publish it in Showcase.

The first screenshot will be displayed as a thumbnail.

theagentd (19 views)
2014-10-25 15:46:29

Longarmx (52 views)
2014-10-17 03:59:02

Norakomi (46 views)
2014-10-16 15:22:06

Norakomi (34 views)
2014-10-16 15:20:20

lcass (39 views)
2014-10-15 16:18:58

TehJavaDev (68 views)
2014-10-14 00:39:48

TehJavaDev (68 views)
2014-10-14 00:35:47

TehJavaDev (60 views)
2014-10-14 00:32:37

BurntPizza (74 views)
2014-10-11 23:24:42

BurntPizza (45 views)
2014-10-11 23:10:45
Understanding relations between setOrigin, setScale and setPosition in libGdx
by mbabuskov
2014-10-09 22:35:00

Definite guide to supporting multiple device resolutions on Android (2014)
by mbabuskov
2014-10-02 22:36:02

List of Learning Resources
by Longor1996
2014-08-16 10:40:00

List of Learning Resources
by SilverTiger
2014-08-05 19:33:27

Resources for WIP games
by CogWheelz
2014-08-01 16:20:17

Resources for WIP games
by CogWheelz
2014-08-01 16:19:50

List of Learning Resources
by SilverTiger
2014-07-31 16:29:50

List of Learning Resources
by SilverTiger
2014-07-31 16:26:06
java-gaming.org is not responsible for the content posted by its members, including references to external websites, and other references that may or may not have a relation with our primarily gaming and game production oriented community. inquiries and complaints can be sent via email to the info‑account of the company managing the website of java‑gaming.org
Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines | Managed by Enhanced Four Valid XHTML 1.0! Valid CSS!