[Isolated]

Hello,

I'm running a poll to see what you guys use in ways on encryption. Please take a second of your time to vote so I can see what should be included in an upcoming release.

Thank you!

EDIT: Sorry for the typo in the poll!

[DRUNKY]

Whirlpool

[Isolated]

@Drunky, you voted MD5, does this mean you use both? Which do you mainly use.

[Sledgehammer]

Whirlpool is the most securest out of the lot, where as the others can be cracked.

[Mauzen]

Quote:

Originally Posted by Sledgehammer Whirlpool is the most securest out of the lot, where as the others can be cracked.

You can crack them all. Without salt its a matter of milliseconds.

[Extremo]

Quote:

Originally Posted by Mauzen You can crack them all. Without salt its a matter of milliseconds.

I'd say that entirely depends on if someone has already created a database of all the possible input - hash references and even then what if your password isnt in those bounds? Not to mention the time required to traverse such a large database. I don't think those are milliseconds at all not to mention that it has become quite popular among some industries to hash the password for minutes, in order to increase the time required to create such a database.

However yes, salt's definitely add a giant layer of security. However the combination of hashing multiple times and a salt make the time required to crack it so vast, it is a pointless task at this point.

[Isolated]

Quote:

Originally Posted by Mauzen You can crack them all. Without salt its a matter of milliseconds.

Wrong info

[zT KiNgKoNg]

Quote:

Originally Posted by Isolated Technically, Whirlpool has yet to be cracked, so he was right with his statement, unless you're talking about the rest.

Are you sure, as I've tested this with a few "Online Decrypts" and used PHP & PAWN hashed password, and they've always come out as Expected....

But OT: I usually use a two or three stage encryption with a SALT, I don't know if its me being me or the best thing to do regardless.

[Isolated]

@above, I do apologize the topic I read was out of date, it can now be cracked using a rainbow table or similar. But that's just a large table of hashes, useless with salts.

[Mauzen]

Quote:

Originally Posted by Isolated Technically, Whirlpool has yet to be cracked, so he was right with his statement, unless you're talking about the rest.

Most of modern hash algorithms have yet to be cracked, though most of them are designed and mathematically proven to be 100% irreversible. But thats no guarantee for security anymore.

Imagine something like an enormous database that contains the hash values and their source string, for pretty much every possible combination of characters. Now you just search for the hash value you want to "crack", and youll end up with the original, unhashed string, without having to calculate the billions and trillions of hashs on your own computer.

Thats no fiction but is easily available. Its called "Rainbow table", and they exist for every hash method with an open algorithm - including whirlpool. Using unsalted hashs isnt any better than using plaintext, no matter what hashing method you use. Properly salted MD5 owns unsalted Whirlpool by far.

[RebeloX]

Quote:

Originally Posted by Vince Encoding != Encrypting != Hashing MD5 and SHA1 are vulnerable and shouldn't be used for new projects. udb_hash is an abomination. This is not a hashing algorithm, but rather a checksum algorithm, and can be cracked in seconds. I use Sha512 with a salt of equal length.

Has Vince said, Encryption != Hashing.
Encryption is the process of encoding messages or information in such a way that only authorized parties can read it and Hashing is a hash function which is considered practically impossible to invert, that is, to recreate the input data from its hash value alone.

Quote:

Originally Posted by Isolated Technically, Whirlpool has yet to be cracked, so he was right with his statement, unless you're talking about the rest.

I'm not an expert on this subject but what I know about this is, hash are considered practically impossible to invert, which means there is no reverse function but sometimes they can reach limits like MD5, I know that MD5 has collision problems, this means that you can type two words and obtain the same hash. But the question is, how do you crack a hash? Create a wordlist. If you search on ****** you'll find websites that crack hash's because they've a hugh wordlist but sometimes they can't crack because that hash doesn't exist on the wordlist.
So what they create an website to hash and crack at the same time, so when you type lololol23 they'll record this on the database. The solution is to use salt, so when the user types lololol23 you add a salt and the password will be lololol23samp and with this your hashing system will be more secured.

[PT]

Well i prefer use Whirlpool or Sha512, i'm not expert on this but for what i learn or what i search i can see this 2 are very secure ways to store data.

[Crystallize]

Sha1

[Isolated]

it's nice to see people researching their chosen methods, and I'm in no way judging but @Wizzard2H; if I were you, again not judging, I'd look into different methods of hashing. Keeping up to date with security on your server or application is key.

[Crystallize]

Well , I'm out of scripting , but I always used SHA1 even tho there were better hashing methods :P

[Kapersky™]

Whirpool.

[ev0lution]

Bcrypt, it includes a salt by default and has a variable 'cost', so you can increase the time it takes to run as computers become faster in order to prevent billions of hashes being checked per second.

[biker122]

I use Whirlpool and SHA1.
But... I use Whirlpool in most of my projects..

[Zalance]

Whirlpool.

[Kaperstone]

Never use SHA1 or MD5 for password checking.