[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [WEB SECURITY] Hashing and entropy

From: "Martin O'Neal" <martin.oneal@xxxxxxxxxxxx>
Subject: RE: [WEB SECURITY] Hashing and entropy
Date: Fri, 20 Jun 2008 06:17:12 +0100

> Has anyone seen a solution to this 
> published anywhere? Are any of 
> these assumptions false? Did I 
> miss anything?

The simple answer may be that a hash is inappropriate for the context.
A better solution may be achieved through asymetric/symetric crypto, or
a lookup table (between the PAN [in a secure format] and a unique,
suitably large random ID).

Martin...


----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA

References:
- Re: [WEB SECURITY] Hashing and entropy
  - From: Oliver Lavery

Prev by Date: Re: [WEB SECURITY] Hashing and entropy
Next by Date: Re[2]: [WEB SECURITY] Hashing and entropy (was RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?)
Previous by thread: Re: [WEB SECURITY] Hashing and entropy
Next by thread: Re: [WEB SECURITY] Hashing and entropy
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site