Posts: 15,941
Threads: 0
Joined: Jun 2008
There are tutorials on salting and running an encryption multiple times - go read them.
Posts: 680
Threads: 26
Joined: Mar 2013
You have to take practicality into it. Sure it can be cracked in theory, but strong encryptions can take hundreds of years to crack, at least with current technology.
Posts: 198
Threads: 31
Joined: Jan 2012
Reputation:
0
Thanks for the replies guys, I'm looking into salting them now.
Posts: 1,609
Threads: 0
Joined: Mar 2010
Reputation:
0
Wow, thanks for the heads up. I got a bunch of scripts not using salt, never mind whirlpool.
Posts: 15,941
Threads: 0
Joined: Jun 2008
And this is why I'm constantly telling people NOT to write their own user systems - getting them right is hard and vitally important. Any other system you can bodge together with bugs; user systems you have to really know what you're on about (and I don't claim to be - I've had to update y_users multiple times with more security).
Posts: 15,941
Threads: 0
Joined: Jun 2008
Has anyone here actually mentioned multiple rounds yet? Many hash systems now work by taking a password, salting it, encrypting it, then hashing the hash several THOUSAND times (with salts at different stages for good measure). This is so that the hash takes a noticeable amount of time to complete, thus making a brute-force crack intractable (would take longer than any reasonable time available). If your hash system takes half a second and the user got the right password that's fine, but if you're trying to crack the password and have to run 1,000,000,000 attempts, that's nearly 16 years!
Also, how many people here blank the memory the plain-text password was stored in?
Posts: 113
Threads: 12
Joined: Nov 2012
Reputation:
0
How do I salt my Whirlpool passwords? Can anyone help me with that?
Posts: 15,941
Threads: 0
Joined: Jun 2008
Quote:
Originally Posted by KiNG3
How do I salt my Whirlpool passwords? Can anyone help me with that?
Sure:
Quote:
Originally Posted by Y_Less
And this is why I'm constantly telling people NOT to write their own user systems - getting them right is hard and vitally important. Any other system you can bodge together with bugs; user systems you have to really know what you're on about (and I don't claim to be - I've had to update y_users multiple times with more security).
Posts: 113
Threads: 12
Joined: Nov 2012
Reputation:
0
That doesn't exactly explain to me HOW to salt the passwords.
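An added example, not code from any poster in this thread, showing the per-user salt asked about above together with the thousands of rounds and the wiping of the plain-text buffer described earlier. It uses PBKDF2-HMAC-SHA512 from Python's standard library in place of Whirlpool; the record format, function names and iteration count are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional

ALGO = "sha512"        # stand-in digest; Whirlpool is not available in every hashlib build
ITERATIONS = 200_000   # assumed work factor; raise it until one hash is noticeably slow
SALT_BYTES = 16


def hash_password(password: bytearray, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a storable record: pbkdf2$algo$iterations$salt_hex$hash_hex."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)   # new random salt for every user
    digest = hashlib.pbkdf2_hmac(ALGO, password, salt, iterations)
    return "$".join(["pbkdf2", ALGO, str(iterations), salt.hex(), digest.hex()])


def verify_password(password: bytearray, record: str) -> bool:
    """Recompute with the stored salt and round count, compare in constant time."""
    try:
        scheme, algo, iterations, salt_hex, hash_hex = record.split("$")
        if scheme != "pbkdf2":
            return False
        expected = bytes.fromhex(hash_hex)
        digest = hashlib.pbkdf2_hmac(algo, password, bytes.fromhex(salt_hex),
                                     int(iterations))
    except ValueError:
        return False                              # malformed or unsupported record
    return hmac.compare_digest(digest, expected)


def wipe(buf: bytearray) -> None:
    """Best-effort zeroing of the plain-text buffer once it has been hashed."""
    for i in range(len(buf)):
        buf[i] = 0


if __name__ == "__main__":
    pw = bytearray(b"constructed-sample-password")   # constructed sample input
    record = hash_password(pw)
    print(record)
    print(verify_password(pw, record))
    wipe(pw)
```

Storing the salt and round count inside the record lets the work factor be raised later without invalidating existing accounts.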