Im making a website that will intergrate with game that only support md5 hashing metod (atm). Which ofc is not especially safe anymore. But how could i make it stronger? Should I just generate long strings of random letters and numbers and hash them? But then the users have to save the password on a paper/txt file in computer.
What do you suggest?
What is wrong with an md5 hash for what you are doing? Throwing more random characters at it won t make much difference.
You can take a look at SHA hashes for an alternative to md5.
The weaknesses of md5 are a little over-hyped, but you can just use sha512 instead. It s a better hashing algorithm.
While MD5 isn t the best hashing algorithm out there due to its weaknesses, it all depends on exactly what you re doing. If it s your only option and you want to hash passwords before storing them in the database, by all means do so.
You said that MD5 is your only option "at the moment". Does this mean you might have other hash algorithms available later? Consider using MD5 for now but leave yourself an upgrade path to use other algorithms.
You may want to consider using a salt in conjunction with MD5. This will help defend against some attacks (e.g., rainbow tables).
If it s for passwords hashing, consider using salted hash instead of just brute hashing the password. See Wikipedia
If the password are user chosen, consider having a password strength indicator and also prevent them to use too easy one. One good thing is to check they are at least two of either upper/lower/numbers and run them through cracklib and if they fail that, refuse to set the password.
Other than that you re pretty much OK.
What exactly do you hash and how you use the hash?
Are you refering by any chance to storing account passwords for authentication with the site? The weackness of password hashing are caused by using the hash (any hash) in a wrong manner, not by inherent hashing algorithm weakness. Nobody is going to brute force your MD5 hash, the problem will be dictionary attacks agains known hash values (rainbow tables). And the protection is to use an HMAC hash, or something similar, like a salted hash.
I m afraid you re on the wrong track if you consider that using a different hashing algorithm will give you any benefit. While is true that SHA1 or SHA256 have stronger cryptographic attribute and will stand a brute force attack for longer time, even the stronges hash will be useless if incorrectly used. On the other hand MD5 will work just fine when used properly.
For security reasons, it is desirable to check the integrity of code before execution, avoiding tampered software by an attacker. So, my question is How to sign executable code and run only trusted ...
I run findbugs against all of my code and only tackle the top stuff. I finally got the top stuff resolved and now am looking at the details. I have a simple entity, say a user: public class User ...
Anyone know if jsbin.com implements any protection for XSS or other javascript attacks? I see jsbin links used fairly regularly on sites like this one and I can t find any indication from the site ...
Im making a website that will intergrate with game that only support md5 hashing metod (atm). Which ofc is not especially safe anymore. But how could i make it stronger? Should I just generate long ...
I am trying to find out the difference between difference service account types. I tumbled upon this question. The answer was because it has powerful access to local resources, and Network Service ...
I am trying to write a script to prevent brute-force login attempts in a website I m building. The logic goes something like this: User sends login information. Check if username and password is ...
Three SHA512Managed related questions: Is SHA512Managed considered the best one-way hash available in .NET 3.5 for security? What Salt size should be used with SHA512Managed? The application is for ...
[Update] - I attach also full config files, for service, and for client (outside of here, not to flood the topic) I m having situation pretty much identical to the one outlined in this question, ...
