Public Safety Announcement: On the subject of password security

[mrb]

No. My point is: use industry standards like PHP's builtin crypt() CRYPT_SHA512 mode. They are an excellent compromise between CPU time & strength.

You have no reason to refuse to follow industry standards.

So was MD5 10 years ago...

You've a GOOD reason to NOT follow industry standards actually; it's called "Rainbow Tables" and alike.
MD5 was never broken, NTLM was never broken, all of those 1-way hashing mechanisms were never broken, what happened is that they're "industry standards", so it become easy to create dbs with their possible contents.

If you had any education whatsoever in the area of password hashing, you would know that CRYPT_SHA512 is immune to rainbow tables thanks to its unique salt per hash. This is why you should use it instead of plain MD5/SHA1/SHA512 etc.

[1715041066]

1715041066

[1715041066]

1715041066

[1715041066]

1715041066

[1715041066]

1715041066

[BCEmporium]

If you've any education you would know what Rainbow tables are and how ridiculous is that statement.
Obviously any algorithm can be stored as pre-computed hashes. Your statement is as ridiculous as to say that if I calc the hash under the same parameters at my computer it will render a different result than if I do it at yours. Yes, salt, if unknown or per-user, will prevent Rainbow Tables, but that's valid for any hashing algorithm.

To the end, how breakable it is relies on computing power, what was good at 386's time is an easy picking today, and within 10 years even your SHA512 1000 or 5000 rounds salted with any flavor may be too. But still... for what's in the market now it is nearly unbreakable.

[mrb]

"how ridiculous is that statement"

"Yes, salt, if unknown or per-user, will prevent Rainbow Tables"

Way to contradict yourself! This discussion is now over.

[BCEmporium]

"how ridiculous is that statement"

"Yes, salt, if unknown or per-user, will prevent Rainbow Tables"

Way to contradict yourself! This discussion is now over.

No, you imply that it can't be in a RT because of its "unique salting method", like if two computers would compute a different hash...
However this would be perfectly RT:

crypt("pass","$6$rounds=5000$myeverydaysalt$");

And unknown or per-user salt will prevent RT on every algorithm and not just SHA512

[cloud9]

Everyone here knows Bitcoins - and Bitcoins are very, very secure.

Why not (in offline mode) create a new empty wallet.dat

Move it to removable media.

Sign in on a secure computer to your service provider and upload your newly created empty wallet.dat

When you sign in to a secure service provider the following happens VERY, VERY securely:

They spend a SMALL amount of bitcoins to the shared wallet.dat and request you to spend it back (verifying your identity and shared ownership of the wallet.dat)




With current difficulty and network hash power at ~10THash/sec it should take more than a week to brute force attack with the average PC.