Security Basics mailing list archives

Re: Secure Login Form


From: krymson () gmail com
Date: 17 Jan 2008 19:26:04 -0000

You're right, SHA1 is a step up from MD5, but not because MD5 can be cracked. Rather, MD5 can be collided or looked up 
via rainbow tables or Google (lookups are very limited, however). I'm nitpicking, I know. :)

As a challenge, here's a hash of my domain admin password: d41d8cd98f00b204e9800998ecf8427e

Happy cracking!


<- snip ->
to take the password from the webform and hash it using the SHA1 algorithm
before passing it to the database for a check via a PHP file. I chose the
SHA1 algorithm because MD5, while common, is fairly easy to crack if
someone gets ahold of the MD5 hash. SHA1 is more robust (someone correct
me if I am wrong in this).
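
An added example, not part of the original message or the quoted post: the PHP login check described above, storing an unsalted sha1() digest next to PHP's built-in salted password_hash()/password_verify(), to show why the unsalted value can be matched against a precomputed table and the salted one cannot. The user names, the password and the in-memory array standing in for the users table are all constructed for illustration.

```php
<?php
// Added example: constructed users and password; an array stands in for the
// users table, so this runs without a database.

// Unsalted fast digest, as in the quoted design: the stored value depends
// only on the password, so it equals the entry in any precomputed table.
function store_unsalted(string $password): string
{
    return sha1($password);
}

// Salted, deliberately slow hash. A random salt and the cost setting are
// encoded in the returned string, so no separate salt column is needed.
function store_salted(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Login check against the salted hashes.
function check_login(array $users, string $name, string $password): bool
{
    // Unknown users are verified against a dummy hash so the response time
    // does not reveal which account names exist.
    static $dummy = null;
    $dummy ??= password_hash('constructed-dummy-value', PASSWORD_DEFAULT);

    $stored = $users[$name] ?? $dummy;
    $ok = password_verify($password, $stored);
    return $ok && isset($users[$name]);
}

$pw = 'constructed-example-password';

// Unsalted: two accounts sharing a password get the identical stored value.
echo "unsalted values identical: ";
var_dump(store_unsalted($pw) === store_unsalted($pw));

// Salted: the same password produces a different stored string each time.
$users = ['alice' => store_salted($pw), 'bob' => store_salted($pw)];
echo "salted values identical: ";
var_dump($users['alice'] === $users['bob']);

// Verification still works because the salt is read back from the stored string.
echo "correct password accepted: ";
var_dump(check_login($users, 'alice', $pw));
echo "wrong password accepted: ";
var_dump(check_login($users, 'alice', 'not-the-password'));
echo "unknown user accepted: ";
var_dump(check_login($users, 'mallory', $pw));
```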

