I'm building a site that requires user log-in and I have seen the Agile book using sha1 for password hashing while R-Forum uses md5.

Is there any compelling argument to use one over the other?

-- 
Posted via http://www.ruby-forum.com/.

On 2/5/06, Gonzalo Rubio <gonchuki@gmail.com> wrote:
> I'm building a site that requires user log-in and I have seen the Agile
> book using sha1 for password hashing while R-Forum uses md5.
>
> Is there any compelling argument to use one over the other?

Both have problems, both are fine...

http://www.schneier.com/blog/archives/2005/02/sha1_broken.html

-- 
Jonas Elfström

MD5 is known to be broken. Completely and utterly. SHA1 has been successfully attacked, but not broken.

I would go with SHA1 and a good SALT.

On 2/5/06, Gonzalo Rubio <gonchuki@gmail.com> wrote:
> I'm building a site that requires user log-in and I have seen the Agile
> book using sha1 for password hashing while R-Forum uses md5.
>
> Is there any compelling argument to use one over the other?

-- 
Matt Secoske
http://www.secosoft.net

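The "SHA1 and a good salt" suggestion above, as an added Ruby example that is not part of the original thread or of the Agile book's code: it stores a random per-user salt beside the digest and verifies a login attempt against it. The helper names (`unsalted`, `make_record`, `verify`, `secure_equal?`) and the sample passwords are assumptions made for illustration.

```ruby
require "digest/sha1"
require "securerandom"

# Added illustration; all helper names here are hypothetical.

# Unsalted: the same password always maps to the same stored value,
# so equal passwords are visible in the table and one precomputed
# lookup table applies to every account.
def unsalted(password)
  Digest::SHA1.hexdigest(password)
end

# Salted: a random per-user salt is stored beside the digest.
def make_record(password, salt = SecureRandom.hex(16))
  { salt: salt, digest: Digest::SHA1.hexdigest(salt + password) }
end

# Constant-time comparison so timing does not reveal how many
# leading characters of the digest matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Recompute the digest with the stored salt and compare.
def verify(record, candidate)
  expected = Digest::SHA1.hexdigest(record[:salt] + candidate)
  secure_equal?(record[:digest], expected)
end

# Constructed sample data: two users who picked the same password.
alice = make_record("password1")
bob   = make_record("password1")
puts unsalted("password1") == unsalted("password1") # identical rows
puts alice[:digest] == bob[:digest]                 # salts make them differ
puts verify(alice, "password1")
puts verify(alice, "anotherpassword")
```

A salt defeats precomputed tables and hides duplicate passwords; it does not slow down guessing against a single stolen record, since one SHA1 pass is cheap.
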
MD5 isn't broken. Some guys could make *collisions* w/ strings encrypted w/ MD5. It just means that somebody can possibly find a string that corresponds to the MD5 string, originally encrypted via another string.

Ex.:
"somestring" = 123abc123abc123abc123abc123abc123abc
"anotherstring" = 123abc123abc123abc123abc123abc123abc

Obviously, it's not a trivial task to get a "collision" MD5 string. It's just easier to find another vulnerability in your app than to get a collision.

So, both are secure, but *I* prefer SHA1 because it has a variable length, making collisions even harder.

Regards,
Juca.

Matt Secoske wrote:
> MD5 is known to be broken. Completely and utterly. SHA1 has been
> successfully attacked, but not broken.
>
> I would go with SHA1 and a good SALT.
>
> On 2/5/06, Gonzalo Rubio <gonchuki@gmail.com> wrote:
> > I'm building a site that requires user log-in and I have seen the
> > Agile book using sha1 for password hashing while R-Forum uses md5.
> >
> > Is there any compelling argument to use one over the other?
>
> --
> Matt Secoske
> http://www.secosoft.net

On 2/5/06, Juraci Krohling Costa <juca@jkcosta.info> wrote:
> MD5 isn't broken. Some guys could make *collisions* w/ strings encrypted
> w/ MD5. It just means that somebody can possibly find a string that
> corresponds to the MD5 string, originally encrypted via another string.
> Ex.:
> "somestring" = 123abc123abc123abc123abc123abc123abc
> "anotherstring" = 123abc123abc123abc123abc123abc123abc

This equals broken. Let me give you a more appropriate example:

"password1" = 123abc123abc123abc123abc123abc123abc
"anotherpassword" = 123abc123abc123abc123abc123abc123abc

> Obviously, it's not a trivial task to get a "collision" MD5 string. It's
> just easier to find another vulnerability in your app than to get a
> collision.

It is not trivial, but not difficult either.

> So, both are secure, but *I* prefer SHA1 because it has a variable
> length, making collisions even harder.
>
> Regards,
> Juca.

-- 
Matt Secoske
http://www.secosoft.net

That does not equal broken for the purposes of login. An attacker would have to somehow get his hands on the md5 representation which doesn't leave your db / app space usually.

> > "somestring" = 123abc123abc123abc123abc123abc123abc
> > "anotherstring" = 123abc123abc123abc123abc123abc123abc
>
> This equals broken. Let me give you a more appropriate example:
>
> "password1" = 123abc123abc123abc123abc123abc123abc
> "anotherpassword" = 123abc123abc123abc123abc123abc123abc

-- 
Tobi
http://shopify.com - modern e-commerce software
http://typo.leetsoft.com - Open source weblog engine
http://blog.leetsoft.com - Technical weblog

Thanks for all the responses folks. I guess I will be using SHA1 then.

And as for this:

Tobias Luetke wrote:
> That does not equal broken for the purposes of login. An attacker
> would have to somehow get his hands on the md5 representation which
> doesn't leave your db / app space usually.

My argument is based in the case that there could be more than one admin on the site so he also has access to the db, and also since I won't be using SSL or anything like that, the user/password hash could be sniffed.

I know, I'm a bit paranoid but you know the drill... you are never overzealous enough when it comes to security.

Gonzalo Rubio wrote:
> Thanks for all the responses folks. I guess I will be using SHA1 then.
>
> And as for this:
>
> Tobias Luetke wrote:
> > That does not equal broken for the purposes of login. An attacker
> > would have to somehow get his hands on the md5 representation which
> > doesn't leave your db / app space usually.
>
> My argument is based in the case that there could be more than one admin
> on the site so he also has access to the db, and also since I won't be
> using SSL or anything like that, the user/password hash could be
> sniffed.
> I know, I'm a bit paranoid but you know the drill... you are never
> overzealous enough when it comes to security.

Are you using client side SHA1 library? If not.... and you are using SSL, how exactly are you planning on providing security for the administrator's login credentials?

Zach

On 2/5/06, Gonzalo Rubio <gonchuki@gmail.com> wrote:
> Thanks for all the responses folks. I guess I will be using SHA1 then.
>
> And as for this:
>
> Tobias Luetke wrote:
> > That does not equal broken for the purposes of login. An attacker
> > would have to somehow get his hands on the md5 representation which
> > doesn't leave your db / app space usually.
>
> My argument is based in the case that there could be more than one admin
> on the site so he also has access to the db, and also since I won't be
> using SSL or anything like that, the user/password hash could be
> sniffed.
> I know, I'm a bit paranoid but you know the drill... you are never
> overzealous enough when it comes to security.

If someone you don't trust has access to your database, you have bigger problems than reverse engineering a user password.

-- 
James