activee Posted August 9, 2013 (edited)

Hi, so it's not really a coding question but md5 got me a bit worried. I just learned about it and I was wondering what would stop someone to create a table with each encryption possible from 0 to 15 characters and save it in a table. Then if he finds a md5-encrypted password he can then translate it via his table assuming that the original password is 15 characters or less. Is that right? That freaks me out a bit tbh.

Edited August 9, 2013 by activee

Muddy_Funster Posted August 9, 2013

Easiest way - don't use MD5. Rainbow tables are readily available for this and the lower level SHA encryptions as well. Even with MD5, you should always apply a SALT to whatever you are hashing; a good SALT will increase the security of any hash significantly.
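
The effect of a per-user salt on a precomputed table, as an added example that is not part of the original posts. The candidate list, the function names and the choice of PBKDF2-HMAC-SHA256 as the replacement for MD5 are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny stand-in for a precomputed hash table.
CANDIDATES = ["123456", "password", "letmein", "qwerty"]

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def build_table(candidates):
    """Map unsalted MD5 digest -> plaintext, computed once and reused."""
    return {md5_hex(c.encode()): c for c in candidates}

def salted_md5(password: str, salt: bytes) -> str:
    """Salt is stored next to the hash; it is not secret, only unique."""
    return md5_hex(salt + password.encode())

def store_password(password: str, iterations: int = 200_000):
    """Assumed replacement for MD5: PBKDF2-HMAC-SHA256 with a random salt."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key

def verify_password(password: str, salt: bytes, iterations: int, key: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, key)  # constant-time comparison

def demo():
    table = build_table(CANDIDATES)
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    return {
        # Unsalted: the stored hash is a direct key into the table.
        "unsalted_lookup": table.get(md5_hex(b"letmein")),
        # Salted: the same table has no entry for salt + password.
        "salted_lookup": table.get(salted_md5("letmein", salt_a)),
        # Two users with the same password no longer share a hash.
        "same_hash_across_users": salted_md5("letmein", salt_a)
        == salted_md5("letmein", salt_b),
    }

if __name__ == "__main__":
    print(demo())
    record = store_password("letmein")
    print(verify_password("letmein", *record), verify_password("wrong", *record))
```

The salt forces a separate table per user, and the iteration count makes each guess slower; neither makes a weak password strong.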

kicken Posted August 9, 2013

Read through this thread: "How to safely store passwords" for some details about hashing, rainbow tables, salts, etc. That should give you a lot of good info to start with.

The short answer to your questions though:

"what would stop someone to create a table with each encryption possible from 0 to 15 characters and save it in a table. Then if he finds a md5-encrypted password he can then translate it via his table assuming that the original password is 15 characters or less. Is that right?"

The value found may or may not be the original password, but if it results in the same hash then it will work just as well. Two values resulting in the same hash is possible, and is known as a collision.

On a side note, MD5 is not encryption, it is a hash. Something that has been encrypted can be readily decrypted. That is not possible with MD5 and other hashing algorithms. As such, do not reference things as being MD5-encrypted, use md5-hashed or similar.

Muddy_Funster Posted August 9, 2013

Actually, the act of encrypting is just the application of a cryptographic function to a message in order to create a digest - of which hashing is a "one way" example of this. So the use of encryption to describe one way hashing isn't strictly inaccurate.

requinix Posted August 9, 2013

"what would stop someone to create a table with each encryption possible from 0 to 15 characters and save it in a table"

The astronomical number of possibilities. (Thus rainbow tables.)