22.11.2017, 11:37
Quote:
Why not for security? 128-bit hash value could be good for security (in my opinion).
|
https://codahale.com/how-to-safely-store-a-password/
It's an old article but still relevant.
Some more:
https://medium.com/@danboterhoven/wh...s-af330100b861
https://yorickpeterse.com/articles/use-bcrypt-fool/
MD5 and other hashes are so fast that you can literally create millions to billions of them.
MD5 and other SHA already have a library full of hashed strings and their results; it is so unsafe that you can literally google "md5 decrypt" and you'll find websites with billions of records of hash results.
Salt won't save the day; even with salt you can map it up or brute-force easily.
Take collisions to your advantage, generate similar results etc.
You need to delay requests, you need them to be heavy, you need them so that even if it's local, it still takes time to find a perfect match, and you need them to take time randomly and inconsistently.
Why? Brute force.
Why different timings? Because if the hash always works slower with longer characters and your salting gives it a significant difference, the hacker can easily know how long the password should be.
Some people go as far as calculating the time it takes to hash certain passwords and store a database of timings.
What if two use the same password? The time it takes to compute both of them will be similar?
There are lots of concerns about the security of general purpose algorithms such as md5 and sha.
Use long term solutions, bcrypt or even pbkdf2.
(I heard about scrypt's existence, ain't sure about it)
Whirlpool and other algorithms that produce long results are just a temporary solution until we get faster CPUs and can store more hashes than before.
Quote:
Cryptographic hash algorithms are designed to calculate completely obfuscated hashes, where calculating back is literally impossible. Also small changes to the input need to create a completely different hash. If none of these criteria is fulfilled, it cannot be used for password security.
|