Password protecting a data file... how to cope with forgotten password?

Richard Gaskin ambassador at fourthworld.com
Thu Jun 14 15:50:10 EDT 2012


Dave Cragg wrote:

 > On 13 Jun 2012, at 14:47, Richard Gaskin wrote:
 >
 >> MD5 has been known to be theoretically crackable for some years,
 >> and this has become a reality as noted in recent news:
 >>
 >>   MD5 password scrambler 'no longer safe'
...
 >
 > I've read about this, but I'm still unclear about exactly what the
 > problem is. I understand that MD5 was "cracked" some years ago making
 > it unsuitable for use as a checksum. (Given the original data to
 > which MD5 is applied, it is possible to produce another set of data
 > that will produce the same MD5 checksum.) But this didn't affect
 > MD5's usefulness as a hashing method for passwords. From what I've
 > read, the recent problem is not that MD5 has been cracked, but that
 > it is too fast  and therefore allows brute force attacks on lists of
 > hashed passwords, even those that have been salted. My first thought
 > was that applying MD5 twice or more times would perhaps increase its
 > security, but nowhere do I see this suggested as a solution. If
 > anyone can add any information or point out my probable
 > misunderstanding, I'd be very grateful.

I'm certainly no expert on hashing.  I just do what I can to follow 
those who claim to know.  The general feeling I get is that sha1 is 
considered a better choice than mg5, and since both are equally easy to 
use in LiveCode it makes no difference to me but somehow I sleep better.

Maybe it's like keeping the CGI engine in the root folder outside of the 
web directory - a friend of mine says it's like the subtle difference 
between quiche and egg pie.

:)

--
  Richard Gaskin
  Fourth World
  LiveCode training and consulting: http://www.fourthworld.com
  Webzine for LiveCode developers: http://www.LiveCodeJournal.com
  Follow me on Twitter:  http://twitter.com/FourthWorldSys




More information about the Use-livecode mailing list