http://www.mybloglog.com/buzz/

11 months ago

in A New, Simple Way to Salt your Hashes on Code Spatter
The problem with this is you have created a pattern which could (and probably does) introduce a cryptographic weakness. If someone knew or could guess you were using this tactic then they might be able to exploit it.

While I don't have an example of a specific weakness to MD5 to hand, one of the basic rules of exploiting algorithms is knowing some of the source material or knowing about patterns within it.

The point of using a salt is to use a piece of unknown material which is unique in each string. It's common to generate random junk to use rather than anything meaningful.