Security Basics
Re: Hashing passwords Jun 12 2012 01:51PM
Jennifer Wachter (jenny recurity-labs com) (1 replies)

>
> I know that and you probably misread the question or my explanation was
> not clear enough.
>
> My question was: is hashing two or three times (without a salt) a secure
> method or is it as secure as hashing only one time without salt?
>

Oh sorry, I really misunderstood your question.

> As far as I understood, it can significantly improve the security of the
> "clear text" passwords but, with a reaaaaaaally big hash db, you can
> crack it.
>
> I do agree with you when you say that it will give the same hash for
> same passwords, even if I hash it infinite times. So I guess that I'll
> have to study the security/performance effects of such a measure. Maybe
> one day I'll present it to the world.
>
> Thanks all for the answers. I'm really grateful.
> --haZ
>

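Added example, not part of the original thread: a Python sketch of the point discussed above, that an unsalted hash repeated any number of times still maps equal passwords to equal stored values, while a per-user random salt (here with PBKDF2-HMAC-SHA256) does not. The user names, passwords, round counts and helper names are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

def iterated_unsalted(password: str, rounds: int) -> str:
    """Hash the password `rounds` times with SHA-256 and no salt."""
    digest = password.encode()
    for _ in range(rounds):
        digest = hashlib.sha256(digest).digest()
    return digest.hex()

def salted_pbkdf2(password: str, salt: bytes = None, rounds: int = 100_000):
    """Derive a key with a per-user random salt; returns (salt, derived_key)."""
    salt = salt or os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, key

def verify_pbkdf2(password: str, salt: bytes, expected: bytes,
                  rounds: int = 100_000) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, key = salted_pbkdf2(password, salt, rounds)
    return hmac.compare_digest(key, expected)

def accounts_sharing_a_hash(stored: dict) -> list:
    """Audit helper: group accounts whose stored value is identical."""
    groups = defaultdict(list)
    for user, value in stored.items():
        groups[value].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

# Constructed sample accounts: alice and bob chose the same password.
USERS = {"alice": "hunter2", "bob": "hunter2", "carol": "correct horse"}

def demo():
    # Three unsalted rounds: the stored value depends only on the password,
    # so equal passwords are visible in the table and one precomputed
    # lookup table would apply to every account at once.
    unsalted = {u: iterated_unsalted(p, 3) for u, p in USERS.items()}
    # Per-user salt: equal passwords give unrelated stored values.
    salted = {u: salted_pbkdf2(p)[1].hex() for u, p in USERS.items()}
    return accounts_sharing_a_hash(unsalted), accounts_sharing_a_hash(salted)

if __name__ == "__main__":
    shared_unsalted, shared_salted = demo()
    print("unsalted, 3 rounds:", shared_unsalted)
    print("salted PBKDF2:     ", shared_salted)
```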


RE: Hashing passwords Jun 12 2012 06:03PM
Dave Kleiman (dave davekleiman com)


 
