Re: Securing encrypted data in RAM vs MSSQL

From: Ivan Krstic (krsticfas.harvard.edu)
Date: Fri Jul 02 2004 - 09:45:59 CDT


Bénoni MARTIN wrote:
> Humm...in my crypto courses, I learnt that encrypting several times a
> password does not enhance the security level of it. Is it the same
> for a hash? I don't know...Someone has a clue? And I think that
> hashing 50 times a password would slow down the hacker...but us as
> well! :)

Because of the inherent weaknesses of non-perfect hash functions
(partial message collisions and length extensions) you are well advised
to never use a hash function once. Instead, using h_dbl(m) := h(h(m)||m)
where h(m) is the hash function with plaintext m is a better option as
it is believed it solves both of the weaknesses.

Of course, this precludes you from being able to hash a datastream on
the fly, so if that's important, you have to find a better way to
protect yourself.

Cheers,
Ivan.
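As an added illustration of the h_dbl construction mentioned in the reply above (this is example code, not part of the original post or of any project): the block below implements h_dbl(m) = h(h(m) || m) with SHA-256 standing in for h (an assumption, the post does not name a concrete function), and contrasts a streaming plain hash with an incremental h_dbl to make the second point concrete. Because the outer hash must start with h(m), which is only known once all of m has been seen, an incremental h_dbl has to buffer the entire message, so the on-the-fly, constant-memory hashing that a plain h(m) allows is lost. The message chunks are constructed sample data.

```python
import hashlib


def h(m: bytes) -> bytes:
    """The underlying hash h(m). SHA-256 is an assumption made for this example."""
    return hashlib.sha256(m).digest()


def h_dbl(m: bytes) -> bytes:
    """h_dbl(m) := h(h(m) || m), the construction described in the post."""
    return h(h(m) + m)


def streaming_hash(chunks) -> bytes:
    """Plain h(m) over a stream: constant memory, each chunk is absorbed and dropped."""
    state = hashlib.sha256()
    for chunk in chunks:
        state.update(chunk)
    return state.digest()


class DoubleHasher:
    """Incremental interface for h_dbl.

    The inner h(m) can be computed on the fly, but the outer hash needs h(m) as
    its prefix before it can absorb m, so every chunk must be kept until digest().
    """

    def __init__(self) -> None:
        self._inner = hashlib.sha256()
        self._buffer = bytearray()

    def update(self, chunk: bytes) -> None:
        self._inner.update(chunk)
        self._buffer += chunk  # retained: the outer pass needs the whole message

    def buffered_bytes(self) -> int:
        return len(self._buffer)

    def digest(self) -> bytes:
        return h(self._inner.digest() + bytes(self._buffer))


def demo() -> dict:
    """Run both variants over constructed sample chunks and report the results."""
    chunks = [b"user=alice;", b"role=viewer;", b"exp=2030-01-01"]  # constructed
    m = b"".join(chunks)

    dh = DoubleHasher()
    for chunk in chunks:
        dh.update(chunk)

    return {
        "plain": streaming_hash(chunks),
        "dbl_incremental": dh.digest(),
        "dbl_one_pass": h_dbl(m),
        "buffered": dh.buffered_bytes(),  # equals len(m): nothing could be discarded
        "message_len": len(m),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value.hex() if isinstance(value, bytes) else value)
```

The incremental and one-pass h_dbl results agree, and `buffered` always equals the full message length, which is the practical cost the post refers to: h_dbl cannot be finalised until the last byte of m has arrived and all earlier bytes are still available.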