Archive

Posts Tagged ‘hash’

Are You Sure SHA-1+Salt Is Enough For Passwords?

February 9th, 2011 02:47 admin View Comments

Security

Melchett writes “It’s all too common that Web (and other) applications use MD5, SHA1, or SHA-256 to hash user passwords, and more enlightened developers even salt the password. And over the years I’ve seen heated discussions on just how salt values should be generated and on how long they should be. Unfortunately in most cases people overlook the fact that MD and SHA hash families are designed for computational speed, and the quality of your salt values doesn’t really matter when an attacker has gained full control, as happened with rootkit.com. When an attacker has root access, they will get your passwords, salt, and the code that you use to verify the passwords.”

Source: Are You Sure SHA-1+Salt Is Enough For Passwords?

Categories: slashdot Tags: , , , , , , ,

SHA-3 Finalist Candidates Known

December 10th, 2010 12:08 admin View Comments

Skuto writes “NIST just announced the final selection of algorithms in the SHA-3 hash competition. The algorithms that are candidates to replace SHA-2 are BLAKE, Grøstl, JH, Keccak and Skein. The selection criteria included performance in software and hardware, hardware implementation size, best known attacks and being different enough from the other candidates. Curiously, some of the faster algorithms were eliminated as they were felt to be ‘too fast to be true.’ A full report with the (non-)selection rationale for each candidate is forthcoming.”

Source: SHA-3 Finalist Candidates Known

Categories: slashdot Tags: , , , , , , , , , ,