[Maxips2]

Recently there was a lot of talk about password security, after reading a lot of threads I decided to upgrade the password security I'm currently using.

Basically I'm taking a string and hashing it with salts multiple times, salt is applied every iteration.
I wanted to ask what would be a good number of hashing times for a secure password (with salts applied every iteration).

I have ******d before I asked but unfortunately couldn't find anything helpful.
Here on the forums I've seen different numbers (2^12, 2^13, 2^14 as recommend).

[Jessyy]

I see a lot of people complaining about password security even for whirlpool... and 1 by 1 comes with a new idea how make our lives harder... for example hashing it with salts multiple times ...
Tell me 1 person who can crack the whirlpool hash, besides Y_less the creator of the plugin...
Let's try this experiment, here is 2 words can find out what words are
"050bf9a0c6d5cc04b57371b1a33ed9d73ed85254d4ffedd39 2af2fb8df295efad8039b564e95afa6a9b5d9154addfa57340 e3ebd4246d865e8eaa4b62d1ab5fe"

[Vince]

I agree with poster above. This is just getting ridiculous. Show me one example of a SA-MP database getting exposed AND hacked.

[Maxips2]

Quote:

Originally Posted by Jessyy I see a lot of people complaining about password security even for whirlpool... and 1 by 1 comes with a new idea how make our lives harder... for example hashing it with salts multiple times ... Tell me 1 person who can crack the whirlpool hash, besides Y_less the creator of the plugin... Let's try this experiment, here is 2 word can find out what words it is "050bf9a0c6d5cc04b57371b1a33ed9d73ed85254d4ffedd39 2af2fb8df295efad8039b564e95afa6a9b5d9154addfa57340 e3ebd4246d865e8eaa4b62d1ab5fe"

There are different methods of finding out the password from given hash, it is possible.
Even with all this security its still possible to find out the password, its just a matter of time.

With all the respect, technically Y_Less can't crack the hash, and it has nothing to do with him creating the plugin.

By the way, possible answer to your experiment:

"sharp mind"

https://crackstation.net/

Just a proof that its possible.

http://en.wikipedia.org/wiki/Rainbow_table
http://en.wikipedia.org/wiki/Brute-force_attack

Quote:

Originally Posted by Vince I agree with poster above. This is just getting ridiculous. Show me one example of a SA-MP database getting exposed AND hacked.

May be, but I don't want to be responsible for those kind of things honestly.

I personally haven't heard of it happening, but do we really need to wait for this kind of thing to happened just to realize that we need to be more careful?

Besides, extra security couldn't hurt (maybe a little impact on performance).

[Ceez]

Quote:

Originally Posted by Jessyy I see a lot of people complaining about password security even for whirlpool... and 1 by 1 comes with a new idea how make our lives harder... for example hashing it with salts multiple times ... Tell me 1 person who can crack the whirlpool hash, besides Y_less the creator of the plugin... Let's try this experiment, here is 2 words can find out what words are "050bf9a0c6d5cc04b57371b1a33ed9d73ed85254d4ffedd39 2af2fb8df295efad8039b564e95afa6a9b5d9154addfa57340 e3ebd4246d865e8eaa4b62d1ab5fe"

The result is "sharp mind".
Anything else my friend?