flex-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kessler CTR Mark J" <mark.kessler....@usmc.mil>
Subject RE: Encrypt in Flex - Decrypt in .NET
Date Thu, 31 Oct 2013 11:53:34 GMT
Very good point, store the randomly generated salt in a user record next to their salted hashed
password.  Definitely adds more time to resolving passwords when they have to try hashing
with salts.  Makes static lookup tables(like rainbow) much harder to use.

-Mark

-----Original Message-----
From: Justin Mclean [mailto:justin@classsoftware.com] 

Hi,

> it would be better if you did a one way hash on the client and stored hashed value in
a database
+1 and another +1 if you salt that hash.

However using a modern GPU it's possible to check about 100 MD5 million hashes a  second so
it's becoming less and less secure.

Justin

Mime
View raw message