Monday, July 28, 2003, 2:42:07 AM, you wrote: RM> I'm not sure whether to send this to Security Basics RM> or to Vulnerability Dev list, the moderator will RM> surely tell me ;) trying to make secure authorization, eh? RM> If so, what would the hash for the password: Fir88x!t RM> Password321 - D5FBB0C7C20D9CE74407A5B354A6D6F1 RM> Pa$$word321 - 8C4A8322764A87E62F90455FEA1F23B5 i would think: hash1 = f(first 8 chars), hash2 = f(hash1 ^ (next 8 chars)), ... but password guessing.. who needs that? and, moreover, in wrong(rarely used) direction? with that much of information (or even whether one can try unlimited passwords/responses) you are safe unless your cryptoz are known and tested against possible attack methods. but just allow someone to look inside your software to determine what algorythms used, and generation of those hashes from passwords will be reproduced in a matter of seconds. -- have phun, Vizzy
This archive was generated by hypermail 2b30 : Mon Jul 28 2003 - 17:45:10 PDT