W3C home > Mailing lists > Public > www-html-editor@w3.org > October to December 2002

Re: Idea for securityfix in HTML

From: Xatr0z <xatr0z@home.nl>
Date: Sat, 16 Nov 2002 12:34:22 +0100
Message-ID: <00f001c28d64$1c693c60$44b479d9@emmen1.dr.home.nl>
To: "David Woolley" <david@djwhome.demon.co.uk>
Cc: <www-forms@w3.org>, <www-html@w3.org>, <www-html-editor@w3.org>
> > Yes, but a lot of systems use MD5 hashes in databases, for passwords by
> > example.
> Storing an MD5 hash in a database gives no security against compromises of
> the password in transit; it also gives little real protection if the
> is compromised, given that most real life passwords are vulnerable to
> dictionary attacks and MD5 is a fast algorithm compared with, say, the
> original Unix hash.

This is true, but the fact is that a lot of WWWebsites use such databases,
and this all could be made MORE secure, but it can't be COMPLETELY secure.


D. Willems "Xatr0z" <xatr0z at users dot sourceforge dot net>
Received on Saturday, 16 November 2002 06:36:27 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:08:47 UTC