I'm not sure you have understood what sha512->whirlpool->md5 means.
This means: pass the user password through the sha512 function, you'll get a 64
chars long hash, then pass this 64 long hash through whirlpool,
you'll get another 64 long hash of the previous 64 chars hash, and after that,
pass this second hash through md5, you'll get a 32 long md5 hash.
Maybe you should reread my previous post, not sure.
But if a rainbow table of 14-char strings is 64 gigabytes, can
you imagine what kind of rainbow table you need for all possible 64
chars strings?
And if you are really paranoiac, you can mix salted passwords with
multiple-times hashing, this will certainly make restoring
the password impossible with any resources.
> going to use a botnet to build rainbow tables for it.
I don't mean to be rude, why not use a botnet to brute force any
protection in the world? That's easy.
On Jan 27, 2008 9:50 PM, Brian Eaton <eaton.lists@xxxxxxxxx> wrote:
> On Jan 26, 2008 9:16 PM, Nicolae Namolovan <adrenalinup@xxxxxxxxx> wrote:
> > Currently in my application I have a hash function that is doing this %)
> > sha512->whirlpool->md5
>
> This is scary. I don't mean to be rude, but I hope your scheme never
> becomes popular and is never used to protect anything important. If
> your scheme does get popular, someone is going to use a botnet to
> build rainbow tables for it. What are you going to do then? (Hint:
> adding another hash isn't going to fix it.)
>
> Does anyone have a recommendation for a really good open source
> password authentication and storage system?
>
> Cheers,
> Brian
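
An added illustration, not code from anyone in this thread: it contrasts an unsalted hash chain of the shape discussed above with a per-user salted, iterated KDF, showing that a table precomputed over candidate passwords applies to every account in the first case and to none in the second. Assumptions: SHA3-512 stands in for Whirlpool (many `hashlib` builds lack it), PBKDF2-HMAC-SHA256 is one possible salted construction, and the users and candidate list are constructed sample data.

```python
import hashlib
import hmac
import os

# Constructed sample data: two users share a weak password, one does not.
USERS = {"alice": "letmein", "bob": "letmein", "carol": "Tr0ub4dor&3"}
CANDIDATES = ["123456", "password", "letmein", "qwerty"]

def chained_hash(password):
    # Unsalted chain in the shape the thread describes.
    # Assumption: SHA3-512 is a stand-in for Whirlpool.
    h1 = hashlib.sha512(password.encode()).hexdigest()
    h2 = hashlib.sha3_512(h1.encode()).hexdigest()
    return hashlib.md5(h2.encode()).hexdigest()

def audit_unsalted():
    # The table is keyed by the final digest and built over candidate
    # passwords, so one table covers every account in the store.
    table = {chained_hash(p): p for p in CANDIDATES}
    return {u: table.get(chained_hash(p)) for u, p in USERS.items()}

def salted_hash(password, salt=None, iterations=200_000):
    # Per-user random salt plus an iterated KDF: equal passwords give
    # different stored values, so no shared table can be precomputed.
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, dk

def verify(password, salt, iterations, expected):
    # Recompute with the stored salt and compare in constant time.
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(dk, expected)

if __name__ == "__main__":
    print("unsalted chain:", audit_unsalted())
    a = salted_hash(USERS["alice"])
    b = salted_hash(USERS["bob"])
    print("salted digests differ for equal passwords:", a[2] != b[2])
    print("alice verifies:", verify("letmein", *a))
```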