Re: Hash MD5, Sha1 and Length
- From: shapper <mdmoura@xxxxxxxxx>
- Date: Tue, 15 Sep 2009 05:18:37 -0700 (PDT)
On Sep 15, 11:56 am, rossum <rossu...@xxxxxxxxxxxx> wrote:
> On Mon, 14 Sep 2009 22:23:24 -0400, Arne Vajhøj <a...@xxxxxxxxxx>
> wrote:
>> rossum wrote:
>>> The value of REPEATS needs to be set so that the hash calculation
>>> takes about 0.25 second on whatever machine you are using.
>> That comes as a cost.
>> 4 logins (attempts) per second cost a CPU core.
> Correct, security costs. If you want the security then you pay the
> cost. To quote Bruce Schneier: "There are already enough insecure
> fast systems, we don't need another one." How much will it cost if an
> attacker gets access to the passwords? How much will it cost to add
> some more CPU to the server farm? Those are questions for the OP to
> answer. If a court case ensues after loss of data then it is
> important to be able to show that best security practice was being
> used.
>> For high volume it costs. And besides the increase in DoS
>> vulnerability may be more important than the added protection
>> against exploiting a stolen database.
> That is the sort of thing that the OP has to assess. We do not know
> the value of the data protected by the passwords.
> rossum
Arne
In this case the most important data I have for each user is their
email ... In this case security is not a "big issue" ...
But I would like to have a secure and correct way to do this ...
I can then, from project to project, change the REPEATS from 25 000 to
10 000 or just 1 according to the level of security and processor cost
for each situation ...
Rossum,
Thank you for the code. I am just going to add a few things, test it,
and then post what I did here.
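
As an added example (not rossum's code, which this page does not reproduce), the sketch below calibrates a REPEATS value to the roughly 0.25 second target discussed in the thread and stores the count with each record so it can differ from project to project. PBKDF2-HMAC-SHA256 and all function names here are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

TARGET_SECONDS = 0.25  # per-hash cost quoted in the thread


def hash_password(password, salt, repeats):
    # Assumption: PBKDF2-HMAC-SHA256 stands in for the thread's repeat loop.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, repeats)


def time_hash(repeats):
    """Wall-clock seconds for one hash at this repeat count."""
    start = time.perf_counter()
    hash_password("calibration-only", b"\x00" * 16, repeats)
    return time.perf_counter() - start


def calibrate(target=TARGET_SECONDS, timer=time_hash, start=1000, limit=1 << 26):
    """Double the count until one hash costs at least target/2, then scale
    linearly (cost is proportional to repeats). Never returns below start."""
    repeats, elapsed = start, timer(start)
    while elapsed < target / 2 and repeats < limit:
        repeats *= 2
        elapsed = timer(repeats)
    scaled = round(repeats * target / max(elapsed, 1e-9))
    return max(start, min(limit, scaled))


def make_record(password, repeats):
    """The repeat count is stored beside the salt and digest, so it can
    differ per project or be raised later without breaking old records."""
    salt = os.urandom(16)
    return {"repeats": repeats, "salt": salt,
            "digest": hash_password(password, salt, repeats)}


def verify(password, record):
    # Recompute with the stored salt and count; compare in constant time.
    candidate = hash_password(password, record["salt"], record["repeats"])
    return hmac.compare_digest(candidate, record["digest"])


if __name__ == "__main__":
    repeats = calibrate()
    cost = time_hash(repeats)
    print(f"REPEATS={repeats}: {cost:.3f} s per hash, "
          f"about {1 / cost:.1f} login attempts per second per core")
```

Run on the production hardware class, since the count that costs 0.25 second on a developer laptop will cost a different amount on the server.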