Re: How to encrypt the data of a field
From: Steve Kass (skass_at_drew.edu)
Date: 11/15/04
- Next message: Steve Kass: "Re: How to encrypt the data of a field"
- Previous message: Steve Kass: "Re: New indexing algorithm??"
- In reply to: David Gugick: "Re: How to encrypt the data of a field"
- Next in thread: David Gugick: "Re: How to encrypt the data of a field"
- Reply: David Gugick: "Re: How to encrypt the data of a field"
- Messages sorted by: [ date ] [ thread ]
Date: Sun, 14 Nov 2004 23:21:36 -0500
David,
"No way to reconstruct the original data" assumes there is no context
for the original data, but that is untrue for most of the world's
passwords. If a password is a name or word in any dictionary or
magazine, or a combination of two simple words or names, possibly with a
digit appended, the password is trivial to find from the hash. If the
hash is "plain", it's as easy as a lookup in a table of pre-computed
hashes (those are easy to find or build for SHA-1, MD5, or other
well-known hash functions - you could keep a few on your keychain). If
the hash is "salted," and the salt is known or easy to spot, it's only a
little harder - you need to hash a few million possibilities and see if
you get the hash in hand.
Steve Kass
Drew University
David Gugick wrote:
> ad wrote:
>
>> Thank,
>> What is the difference between hash and encrypted password?
>>
>
> A has is one-way; meaning, there is no way to reconstruct the original
> data from the hash. En encrypted password can be decrypted. That's not
> to say that a hash is completely secure.
>
- Next message: Steve Kass: "Re: How to encrypt the data of a field"
- Previous message: Steve Kass: "Re: New indexing algorithm??"
- In reply to: David Gugick: "Re: How to encrypt the data of a field"
- Next in thread: David Gugick: "Re: How to encrypt the data of a field"
- Reply: David Gugick: "Re: How to encrypt the data of a field"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
