  Please don't email my password in plaintext  (Read 1559 times)
Offline Cero

« Reply #30 on: 2012-01-16 17:21:24 »

sha512 hasn't shown collisions, afaik
SHA512 has 512 bits (64 bytes).

Computing all hashes from all possible unique files of 65 bytes, you will find at least 256 collisions.
Computing all hashes from all possible unique files of 66 bytes, you will find at least 65536 collisions.
Computing all hashes from all possible unique files of 67 bytes, you will find at least 16777216 collisions.

I'm no security expert.
http://en.wikipedia.org/wiki/SHA-2
Quote
SHA-2 - SHA-512/384, Collisions found: none

So I thought, with everything below SHA-2, including obviously stuff like md5, collisions have been found; therefore they are insecure.

Offline OttoMeier

« Reply #31 on: 2012-01-16 17:23:36 »

Quote
What you need to do is salting your hash.

That's simple, just use the user name.
 user name + password -> hash -> db
(user name is stored in plain text with the hashcode) in db.
I know that that sounds strange but it's "secure".
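
The scheme described in this post, as an added example that is not part of the thread: it puts `user name + password -> SHA-512` beside a per-account random salt with a slow key-derivation function. PBKDF2, the 200,000-iteration count, the function names and the sample accounts are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

def sha512_hex(text: str) -> str:
    return hashlib.sha512(text.encode("utf-8")).hexdigest()

def username_salted(username: str, password: str) -> str:
    # The scheme from the post: user name + password -> hash -> db.
    return sha512_hex(username + password)

def make_record(password: str, iterations: int = 200_000) -> dict:
    # Assumed alternative: 16 random bytes of salt per account and a slow KDF.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}

def check_password(record: dict, candidate: str) -> bool:
    digest = hashlib.pbkdf2_hmac("sha512", candidate.encode("utf-8"),
                                 record["salt"], record["iterations"])
    # Constant-time comparison of the stored and recomputed digests.
    return hmac.compare_digest(digest, record["hash"])

def demo() -> dict:
    pw = "hunter2"  # constructed sample password, not real data
    record = make_record(pw)
    return {
        # Without a salt, every account with this password stores the same hash.
        "unsalted_identical": sha512_hex(pw) == sha512_hex(pw),
        # The user name as salt separates two accounts with the same password.
        "username_salt_differs": username_salted("alice", pw) != username_salted("bob", pw),
        # Plain concatenation has no boundary: alice+1secret equals alice1+secret.
        "boundary_ambiguity": username_salted("alice", "1secret") == username_salted("alice1", "secret"),
        # A random salt gives a different digest even for the same password.
        "random_salt_differs": record["hash"] != make_record(pw)["hash"],
        "accepts_correct": check_password(record, pw),
        "accepts_wrong": check_password(record, "hunter3"),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
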
Offline Riven
« Reply #32 on: 2012-01-16 17:24:50 »

Quote
What you need to do is salting your hash.

That's simple, just use the user name.
 user name + password -> hash -> db
(user name is stored in plain text with the hashcode) in db.
I know that that sounds strange but it's "secure".
It doesn't sound strange, it's "obvious".

Hi, appreciate more people! Σ ♥ = ¾

Offline theagentd

« Reply #33 on: 2012-01-16 17:32:52 »

sha512 hasn't shown collisions, afaik
SHA512 has 512 bits (64 bytes).

Computing all hashes from all possible unique files of 65 bytes, you will find at least 256 collisions.
Computing all hashes from all possible unique files of 66 bytes, you will find at least 65536 collisions.
Computing all hashes from all possible unique files of 67 bytes, you will find at least 16777216 collisions.

I'm no security expert.
http://en.wikipedia.org/wiki/SHA-2
Quote
SHA-2 - SHA-512/384, Collisions found: none

So I thought, with everything below SHA-2, including obviously stuff like md5, collisions have been found; therefore they are insecure.
This should be obvious? >_> I mean, a 512-bit hash can only hold a certain number of different values (as many as a Java long), so it's obvious that 2 or more passwords longer than 64 bytes will end up with the same hash. If this wasn't the case then hashes could be used for file compression to compress any file to 64 bytes. Yaaaay.

There is no god.
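
The counting argument from the quoted post, scaled down so it can be enumerated, as an added example that is not part of the thread: SHA-512 is truncated to 1 byte (an assumption made so that all 2-byte inputs can be hashed), mirroring the 64-byte hash and 65-byte files in the quote. It shows that collisions must exist once there are more inputs than outputs; it says nothing about finding one in the full 512-bit output.

```python
import hashlib
from collections import Counter

def tiny_hash(data: bytes, nbytes: int = 1) -> bytes:
    # SHA-512 truncated to nbytes so that every input can be enumerated.
    return hashlib.sha512(data).digest()[:nbytes]

def pigeonhole(nbytes: int = 1) -> dict:
    # Hash every possible input that is one byte longer than the hash output.
    length = nbytes + 1
    inputs = 256 ** length
    buckets = Counter(tiny_hash(i.to_bytes(length, "big"), nbytes)
                      for i in range(inputs))
    return {
        "inputs": inputs,
        "possible_outputs": 256 ** nbytes,
        "distinct_outputs": len(buckets),
        # Some output must be shared by at least inputs / outputs = 256 inputs.
        "largest_bucket": max(buckets.values()),
        # Inputs whose hash was already produced by another input.
        "inputs_beyond_first": inputs - len(buckets),
    }

def first_collision(nbytes: int = 1):
    # Walk the inputs in order until two different ones share a hash.
    seen = {}
    length = nbytes + 1
    for i in range(256 ** length):
        data = i.to_bytes(length, "big")
        digest = tiny_hash(data, nbytes)
        if digest in seen:
            return seen[digest], data
        seen[digest] = data
    return None  # unreachable: there are more inputs than outputs

if __name__ == "__main__":
    print(pigeonhole())
    a, b = first_collision()
    print(a.hex(), b.hex(), tiny_hash(a).hex())
```
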
Offline Riven
« Reply #34 on: 2012-01-16 17:34:56 »

512-bit hash can only hold a certain number of different values (as many as a Java long)
Stare

Hi, appreciate more people! Σ ♥ = ¾

Offline Shazer2

« Reply #35 on: 2012-01-16 17:52:38 »

Update or change to MyBB, much more secure. They are free and provide a merge tool.  Grin

"When you want to be successful as bad as you want to breathe, then you will be successful." - Eric Thomas
Offline ra4king

« Reply #36 on: 2012-01-16 18:04:23 »

512-bit hash can only hold a certain number of different values (as many as a Java long)
What kind of wonky math are you doing? Grin

Offline Cero

« Reply #37 on: 2012-01-16 18:08:44 »

File compression?

SHA are hash functions. It's not RSA. You can't decrypt a hash to the original content =0

Offline ra4king

« Reply #38 on: 2012-01-16 18:32:08 »

@Cero
He meant that if there were no collisions in SHA-512 at all, then you would be able to get the original content of any file using the hash.

Offline Shane75776

« Reply #39 on: 2012-01-16 18:41:46 »

<OT>
@Shane75776:  Why do the (non-working) links in your signature read like they're links to malware?
</OT>
Hahaha he just failed at correctly setting up the URL tag Tongue

When you fix them, the first link gives me a 404 and the second link is to a fraud/malware "satellitedirect" site Smiley

Huh, that's messed up. Not sure what the links are for. Must have been really old links from way back when I first signed up for this forum.
Offline theagentd

« Reply #40 on: 2012-01-16 18:57:46 »

512-bit hash can only hold a certain number of different values (as many as a Java long)
What kind of wonky math are you doing? Grin
Gah! Mixing up bits and bytes... Long = 64 bits, SHA-512 = 64 bytes. >_>

There is no god.