Re: Idea for securityfix in HTML from Xatr0z on 2002-11-16 (www-forms@w3.org from November 2002)

From: Xatr0z <xatr0z@home.nl>
Date: Sat, 16 Nov 2002 12:34:22 +0100
To: "David Woolley" <david@djwhome.demon.co.uk>
Cc: <www-forms@w3.org>, <www-html@w3.org>, <www-html-editor@w3.org>
Message-ID: <00f001c28d64$1c693c60$44b479d9@emmen1.dr.home.nl>

>
> > Yes, but a lot of systems use MD5 hashes in databases, for passwords by
> > example.
>
> Storing an MD5 hash in a database gives no security against compromises of
> the password in transit; it also gives little real protection if the
database
> is compromised, given that most real life passwords are vulnerable to
> dictionary attacks and MD5 is a fast algorithm compared with, say, the
> original Unix hash.
>

This is true, but the fact is that a lot of WWWebsites use such databases,
and this all could be made MORE secure, but it can't be COMPLETELY secure.


Regards,

D. Willems "Xatr0z" <xatr0z at users dot sourceforge dot net>

Received on Saturday, 16 November 2002 06:36:26 UTC