Password protecting a data file... how to cope with forgotten password?
Richard Gaskin
ambassador at fourthworld.com
Thu Jun 14 15:50:10 EDT 2012
Dave Cragg wrote:
> On 13 Jun 2012, at 14:47, Richard Gaskin wrote:
>
>> MD5 has been known to be theoretically crackable for some years,
>> and this has become a reality as noted in recent news:
>>
>> MD5 password scrambler 'no longer safe'
...
>
> I've read about this, but I'm still unclear about exactly what the
> problem is. I understand that MD5 was "cracked" some years ago making
> it unsuitable for use as a checksum. (Given the original data to
> which MD5 is applied, it is possible to produce another set of data
> that will produce the same MD5 checksum.) But this didn't affect
> MD5's usefulness as a hashing method for passwords. From what I've
> read, the recent problem is not that MD5 has been cracked, but that
> it is too fast and therefore allows brute force attacks on lists of
> hashed passwords, even those that have been salted. My first thought
> was that applying MD5 twice or more times would perhaps increase its
> security, but nowhere do I see this suggested as a solution. If
> anyone can add any information or point out my probable
> misunderstanding, I'd be very grateful.
I'm certainly no expert on hashing. I just do what I can to follow
those who claim to know. The general feeling I get is that sha1 is
considered a better choice than MD5, and since both are equally easy to
use in LiveCode it makes no difference to me but somehow I sleep better.
Maybe it's like keeping the CGI engine in the root folder outside of the
web directory - a friend of mine says it's like the subtle difference
between quiche and egg pie.
:)
--
Richard Gaskin
Fourth World
LiveCode training and consulting: http://www.fourthworld.com
Webzine for LiveCode developers: http://www.LiveCodeJournal.com
Follow me on Twitter: http://twitter.com/FourthWorldSys
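
Added example, not part of the original message or of LiveCode: the thread's concern that a fast hash makes each guess cheap, shown in Python by comparing a single salted MD5 with PBKDF2-HMAC-SHA256, a standard construction that iterates the hash. The iteration count, function names and sample password are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 200_000  # assumed work factor; tune to the hardware in use


def fast_md5(password: str, salt: bytes) -> bytes:
    """Single salted MD5: the fast construction discussed in the thread."""
    return hashlib.md5(salt + password.encode("utf-8")).digest()


def stretch(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA256: the hash is iterated so each guess is costly."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_record(password: str, iterations: int = ITERATIONS) -> dict:
    """Build what gets stored: salt, iteration count and derived key."""
    salt = os.urandom(16)  # fresh random salt per password
    return {"salt": salt, "iterations": iterations,
            "key": stretch(password, salt, iterations)}


def verify(password: str, record: dict) -> bool:
    """Re-derive with the stored parameters and compare in constant time."""
    candidate = stretch(password, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["key"])


def cost_ratio(samples: int = 2000) -> float:
    """How many times more costly one stretched guess is than one MD5 guess."""
    salt = os.urandom(16)
    t0 = time.perf_counter()
    for i in range(samples):
        fast_md5(f"guess{i}", salt)
    per_md5 = (time.perf_counter() - t0) / samples
    t0 = time.perf_counter()
    stretch("guess", salt)
    per_stretched = time.perf_counter() - t0
    return per_stretched / per_md5


if __name__ == "__main__":
    rec = make_record("correct horse")  # constructed sample password
    print("accepts right password:", verify("correct horse", rec))
    print("rejects wrong password:", verify("wrong", rec))
    print(f"one stretched guess costs ~{cost_ratio():,.0f}x one MD5 guess")
```

Storing the iteration count beside the salt lets the work factor be raised later without invalidating existing records.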