W3C home > Mailing lists > Public > www-html@w3.org > November 2002

Re: Idea for securityfix in HTML

From: Xatr0z <xatr0z@home.nl>
Date: Sat, 16 Nov 2002 12:34:22 +0100
Message-ID: <00f001c28d64$1c693c60$44b479d9@emmen1.dr.home.nl>
To: "David Woolley" <david@djwhome.demon.co.uk>
Cc: <www-forms@w3.org>, <www-html@w3.org>, <www-html-editor@w3.org>
>
> > Yes, but a lot of systems use MD5 hashes in databases, for passwords by
> > example.
>
> Storing an MD5 hash in a database gives no security against compromises of
> the password in transit; it also gives little real protection if the
database
> is compromised, given that most real life passwords are vulnerable to
> dictionary attacks and MD5 is a fast algorithm compared with, say, the
> original Unix hash.
>

This is true, but the fact is that a lot of WWWebsites use such databases,
and this all could be made MORE secure, but it can't be COMPLETELY secure.


Regards,

D. Willems "Xatr0z" <xatr0z at users dot sourceforge dot net>
Received on Saturday, 16 November 2002 06:36:26 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 March 2012 18:15:53 GMT