Re: Are we sure we should be using MD5?

From: "Patrick Hulin" <patrick hulin gmail com>
To: artweb-list gnome org
Subject: Re: Are we sure we should be using MD5?
Date: Sun, 23 Apr 2006 13:58:19 -0400

Here's a patch that sets it up so that when a user logs in, their password is added as a sha1 to a different column.

http://xbean.gotdns.com/art-web-sha1.diff

On 4/22/06, jamesm <jamesm bluebottle com> wrote:

Patrick Hulin wrote:
> MD5 has been totally cracked <http://en.wikipedia.org/wiki/MD5>. We
> should probably be using SHA-256 or something. Admittedly, it would be
> hard for someone to get the hashes, but it could happen.
> ------------------------------------------------------------------------
>
> _______________________________________________
> artweb-list mailing list
> artweb-list gnome org
> http://mail.gnome.org/mailman/listinfo/artweb-list
>
Is it worth the effort to crack each MD5 sum in the the database and
re-enter them as SHA sums?

James

References:
- Are we sure we should be using MD5?
  - From: Patrick Hulin
- Re: Are we sure we should be using MD5?
  - From: jamesm

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]