SQLServerCentral is supported by Redgate
 
 
 
 


Algorithm Secrecy is not Security


Nadrek
umailedit (3/19/2013)
Not so many with SHA-1 or one of the SHA-2 family with 100 rounds, either. You're not arguing for encryption vs. hashing, you're arguing for enough rounds to take more time vs. not enough rounds (say, 1).


I am arguing for one-way encryption rather than hashing. Hashing functions are ridiculously fast. Even with a hundred rounds you can try 10000 passwords per second, as shown by the following sample PHP I wrote for you.


Then run 100,000,000 rounds; the actual number is completely irrelevant. Run as many rounds of whatever you choose as you need to in order to meet your requirements. N rounds is still at least N times slower than 1 round.

If you really want to make it take longer to crack your passwords, do as many rounds as you can on hardware as close to the optimum cracking hardware as is practical - if that's GPUs, then ideally use GPUs (or NVIDIA Tesla cards - not as fast as the fastest consumer GPUs, but warrantied for a production duty cycle, which is important - and major server manufacturers will put them under the same mission critical warranty as the rest of the server). If you need CPUs with AES-NI instructions, then make sure you're using such.
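
The "run as many rounds as you need" advice above, as an added example that is not part of the original thread: it times this host, picks a round count for a target cost per hash, and stores that count with each hash so it can be raised later. PBKDF2-HMAC-SHA256 from Python's standard library, the record format and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

SCHEME = "pbkdf2_sha256"  # assumed label for the stored record format


def calibrate_rounds(target_seconds, probe_rounds=20_000):
    """Return a round count costing roughly target_seconds per hash on this host."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"probe-password", b"probe-salt-16byt", probe_rounds)
    elapsed = max(time.perf_counter() - start, 1e-9)
    # Cost is linear in the round count, so scale the probe measurement.
    return max(probe_rounds, int(probe_rounds * target_seconds / elapsed))


def hash_password(password, rounds):
    """Hash with a fresh random salt; the round count travels with the record."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return f"{SCHEME}${rounds}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Recompute with the stored salt and rounds, compare in constant time."""
    scheme, rounds, salt_hex, digest_hex = record.split("$")
    if scheme != SCHEME:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(rounds)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def needs_rehash(record, current_rounds):
    """True when a stored hash used fewer rounds than today's requirement."""
    return int(record.split("$")[1]) < current_rounds


if __name__ == "__main__":
    rounds = calibrate_rounds(target_seconds=0.25)
    record = hash_password("constructed sample password", rounds)
    print(rounds, verify_password("constructed sample password", record))
```

Re-running the calibration when hardware changes and rehashing at the next successful login (when `needs_rehash` is true) keeps the cost per guess in line with the requirement.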