View Single Post
Old 02-01-2016, 08:18 PM  
ladida
Confirmed User
 
ladida's Avatar
 
Join Date: Nov 2005
Posts: 2,149
Here's md5 of a password with 21 chars
2061bf778a5cb9d7f72c55b09c46ba87

It's not even salted. Should be no problem no? You can do it fast since you probably have thousands of members when you were able to evaluate how big everyone's password is
From your answer i see you dont even understand what a salt is, or what is it's purpose.
Salt is used to make the redundancy on hashes even bigger. For example. "A" will always give a hash of 7fc56270e7a70fa81a5935b72eacbe29, so someone somewhere might have stored that same hash and saved it as "A", and someone might be able to reverse it by finding it, let's say, on google, or running it through hash breaking algorithms. Salt is invented so that each vendor/software platform could make up their own "salt" that could produce a different hash for "A", so that without knowing the salt, you can't replicate the hashing algorithm.
But still, password hashed with or without salt, you CANT KNOW ITS LENGTH.

so you were storing them plaintext?
__________________
agentGFY *at* gmail.com
ladida is online now   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote