Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

MD2 Expand / Collapse
Author
Message
Posted Thursday, May 21, 2009 9:18 PM
SSChasing Mays

SSChasing MaysSSChasing MaysSSChasing MaysSSChasing MaysSSChasing MaysSSChasing MaysSSChasing MaysSSChasing Mays

Group: General Forum Members
Last Login: Tuesday, July 23, 2013 6:34 AM
Points: 654, Visits: 265
Comments posted to this topic are about the item MD2
Post #721817
Posted Friday, May 22, 2009 12:32 PM


SSC-Addicted

SSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-Addicted

Group: General Forum Members
Last Login: Wednesday, November 06, 2013 12:34 PM
Points: 480, Visits: 214
This is an old hashing algorithm. There's MD3, MD4, MD5 and others called different. Somebody there with it's own hashing algorithm?

Bye

Post #722310
Posted Sunday, May 24, 2009 5:33 PM


Mr or Mrs. 500

Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500

Group: General Forum Members
Last Login: Tuesday, January 14, 2014 1:56 PM
Points: 522, Visits: 553
and apparently is considered insecure (MSDN Link) along with the other MD hashes. SHA is apparently the way to go instead.

Of course I don't really play in that space so can't comment as to the validity of those assertions. Any security experts care to comment?
Post #722811
Posted Thursday, May 28, 2009 9:59 AM
Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Thursday, November 14, 2013 3:13 PM
Points: 306, Visits: 1,458
David B (5/24/2009)
and apparently is considered insecure (MSDN Link) along with the other MD hashes. SHA is apparently the way to go instead.

Of course I don't really play in that space so can't comment as to the validity of those assertions. Any security experts care to comment?


I'm not a security expert but I am enough of a nerd to have enjoyed studying cryptography.

There are a couple of SHA versions out there, and the NSA has a contest on to decide on the next generation of SHA (NIST).

The MD family isn't really secure anymore and neither is SHA-1, but they range on a sliding scale of "script kiddies love it" to "just don't store national secrets".
Since secure from a cryptographer's viewpoint involves an attacker with the full resources of a large multi-national corporation or major national government I've never lost sleep over using MD5 or SHA-1 in my less that top secret applications.

Of course no hash algorithm in the world will protect from the user whose password is password.

-DW
Post #725203
Posted Thursday, May 28, 2009 4:58 PM


Mr or Mrs. 500

Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500

Group: General Forum Members
Last Login: Tuesday, January 14, 2014 1:56 PM
Points: 522, Visits: 553
Cool, thanks for that.

so yeah, at the end of the day it comes back to the old "Acceptable Risk" guideline.

And if I was storing anything so secret that I had to be concerned I think I would wrap the stuff up in more than a single layer of security :)

-d
Post #725537
Posted Sunday, March 21, 2010 5:02 AM


SSCrazy Eights

SSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy Eights

Group: General Forum Members
Last Login: Today @ 3:18 PM
Points: 8,277, Visits: 8,720
I'm going to be pedantic here, I'm afraid.

The cryptoAPI name for the MD2 hash algorithm is not MD2, but CALG_MD2 (http://msdn.microsoft.com/en-us/library/ms904264.aspx). So MD2 is NOT the cryptoAPI name for MD2 - the "correct" answer is wrong (that didn't stop me, or probably anyone else, from ticking it though) unless of course the wrong question has been provided.

MD2 is actually the SQL Server HASHBYTES name for MD2, not the CryptoAPI name.

Referring to http://www.rfc-archive.org/getrfc.php?rfc=1319 is not very useful for information about either CryptoAPI or SQL Server. It would be better to refer to http://msdn.microsoft.com/en-gb/library/ms174415.aspx for MD2 in SQL Server.

Or if you really mean the CryptoAPI name, so that that the answer is right but the question is wrong, you should refer to the CryptoAPI reference given above.


Tom
Post #887056
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse