View Full Version : stronghold password???



sir.jones
01-19-2010, 07:13 PM
How do you create a strong password?

Let's say using MD5, SHA1, salt, base64, hash, etc., or a combination of them, or what?
And please type a sample.
Thank you

Dormilich
01-19-2010, 08:38 PM
you create a strong password by

- not using words (of any language)
- not using combinations (e.g. birthdate)
- a healthy mix of upper/lower case letters, numbers and special characters (@, $, %, etc.)

djm0219
01-20-2010, 11:21 AM
I'm a big fan of pass phrases rather than arbitrarily limited lengths of "words" of some combination. A sentence is a lot easier to remember than a sequence of meaningless letters, numbers and other characters.

sir.jones
01-20-2010, 05:05 PM
OK, as a webmaster or administrator of a website, how do you protect your password page? Other people may use, e.g.:

$str=$_POST['password'];
$pwd=md5($str);

Another one, e.g.:

$pwd = hash_hmac('sha512', $salt . $password . $pepper, $key);
The $key would be a value in the database that is unique to each user. The $salt and the $pepper are randomly generated strings. The $password is the password of course.

And what tricks do you have?
Regards

JAY6390
01-20-2010, 05:10 PM
Use a salt and SHA256 or SHA512

oracleguy
01-20-2010, 05:42 PM
OK, as a webmaster or administrator of a website, how do you protect your password page? Other people may use, e.g.:

$str=$_POST['password'];
$pwd=md5($str);


Don't use MD5, it is considered compromised these days. Especially without using a salt since it would make it especially vulnerable to rainbow table attacks.

sir.jones
01-21-2010, 01:46 PM
OK all, nice suggestions...
So what do you know, as of today, about the weaknesses and advantages of each of them?
1. md5
2. sha1, sha256, sha512
3. base64_encode
4. hash
6. salt
7. another else
???

oracleguy
01-21-2010, 08:06 PM
Well those aren't all the same thing.

MD5, SHA1, SHA256 and SHA512 are different one-way hashing algorithms. base64_encode is just an encoding scheme for character data.

A salt is data you add onto the actual data you are going to hash to help prevent someone using a rainbow table to figure out what data you hashed.
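
Added example, not code from any poster in this thread: the unsalted md5() call quoted above next to salted storage, showing why a precomputed table works against the first and misses against the second. The candidate list, the sample password and the iteration count are constructed, and PBKDF2-HMAC-SHA256 is swapped in here for a single salted SHA-256 round.

```php
<?php
// Added example. The candidate list, sample password and iteration count are constructed.

// Precomputed table in miniature: unsalted MD5 digest => plaintext.
function build_lookup(array $candidates): array
{
    $table = [];
    foreach ($candidates as $pw) {
        $table[md5($pw)] = $pw;
    }
    return $table;
}

// Salted storage: fresh random salt per user, PBKDF2-HMAC-SHA256 (assumed parameters).
function store_password(string $password, int $iterations = 100000): array
{
    $salt = random_bytes(16);
    return [
        'salt' => bin2hex($salt),
        'iter' => $iterations,
        'hash' => hash_pbkdf2('sha256', $password, $salt, $iterations, 64),
    ];
}

// Recompute with the stored salt and compare in constant time.
function check_password(string $password, array $rec): bool
{
    $calc = hash_pbkdf2('sha256', $password, hex2bin($rec['salt']), $rec['iter'], 64);
    return hash_equals($rec['hash'], $calc);
}

$table = build_lookup(['123456', 'password', 'letmein', 'qwerty']);

// Unsalted MD5: two users with the same password store the same digest,
// and one table lookup maps that digest back to the password.
$aliceMd5 = md5('letmein');
$bobMd5   = md5('letmein');
printf("md5 digests equal: %s\n", var_export($aliceMd5 === $bobMd5, true));
printf("table lookup: %s\n", $table[$aliceMd5] ?? '(miss)');

// Salted: same password, different salts, different stored values; the table misses.
$alice = store_password('letmein');
$bob   = store_password('letmein');
printf("salted hashes equal: %s\n", var_export($alice['hash'] === $bob['hash'], true));
printf("table lookup: %s\n", $table[$alice['hash']] ?? '(miss)');
printf("correct password verifies: %s\n", var_export(check_password('letmein', $alice), true));
printf("wrong password verifies: %s\n", var_export(check_password('Letmein', $alice), true));
```

The salt only defeats precomputation. A password from a common list can still be guessed one user at a time, which is why the salted side uses an iterated function to make each guess expensive.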
