#mysql - Fri 11 May 2007 between 00:01 and 00:19

<KevinBooks> how big should the column be?
<CareBear\> KevinBooks : char(64) for a sha256
<KevinBooks> thanks
<seekwill> CareBear\: Ok, let's say it is "broken". How long does it take to break?
<CareBear\> seekwill : 2^69/2^40/86400/365=17 years with 1Tops
<seekwill> Yeah... 17 years...
<CareBear\> 1Tops isn't all that much though?
<KevinBooks> it isn't?
<CareBear\> Is it?
<CareBear\> GHz programmable logic doesn't cost many $
<KevinBooks> Tops = TeraFLOPS ?
<seekwill> What are our computers doing these days?
<seekwill> I would say something is broken if it can be cracked w/o a brute force.
<CareBear\> seekwill : 2^80 would be brute force
<seekwill> 2^69 isn't?
<CareBear\> KevinBooks : Tops = tera operations, one operation=one hash
<CareBear\> seekwill : 2^69 < 2^80
<CareBear\> seekwill : But you mean without searching at all?
<seekwill> Yeah
<seekwill> CareBear\: Is the cost of calculating a sha256, and storing it, really worth it to all practical applications?
<seekwill> There's a point that if your entire operation isn't at that level of security, it won't matter.
<seekwill> "There would be a real danger if someone found a way to reverse the hash and reveal the plaintext message that the sender had signed."
<CareBear\> seekwill : You are completely right. Always choose security based on the threat.
<CareBear\> But I do think the 32 extra bytes are worth it.
<mksm> you could just change passwords like monthly
<CareBear\> Who knows how long it will take to find collisions tomorrow.
<seekwill> Is the SSL layer used to transport the password at least 256??
<CareBear\> mksm : Sure. But unless there is an existing secure communications path from the system to the user it's hard to notify the user of updates.
<mksm> i would be more worried about the user
<seekwill> lol
<CareBear\> seekwill : Even if it isn't, the network traffic is not necessarily stored anywhere (disregarding data remanence in routers) while the database will be by design.
<seekwill> He writes the password on a postit, sticks it to his monitor...
<seekwill> CareBear\: Snif snif
<CareBear\> The user is always a weak link!
<CareBear\> Probably the most rewarding attack vector.
<CareBear\> Passwords suck.
<CareBear\> The web sucks. :p
<mksm> yeah. How much $ is a password worth?
<seekwill> Depends on application. If it's worth anything substantial, I would hope you didn't have to ask here.
<CareBear\> mksm : Some online banking systems just use a password for login and another for transaction signatures.
