A group of researchers has discovered that many of the web’s most popular content management systems are using insecure algorithms to protect their users’ passwords. Three researchers from the Department of Digital Systems at the University of Piraeus in Greece tested several CMS products to see how well they hashed user passwords.

Hashing is a mathematical function that encodes a secret. It takes an alphanumeric string such as a password and uses it to produce another string, called a digest.

A hashing function is a one-way street. You can calculate the digest easily using the password, but you can’t calculate the password using the digest. That makes it great for storing passwords securely. When a user logs in using their password, the web application can quickly hash it. If the digest matches the one on file, the user gains access. Yet if anyone steals the password database, they can’t read it. (Although hashing is fundamental to good password security, there’s more to it than that – for a detailed primer see how to store your users’ passwords safely.)

Unfortunately, CMS software often doesn’t use hashing properly, the researchers warned. We have discovered that many CMS use outdated hash functions. MD5 (invented by Ron Rivest, who is the ‘R’ in RSA) has been compromised. A hashing function should produce a unique digest for every different input. No two passwords should produce the same digest (a situation referred to as a collision).
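The login check described above (hash the submitted password, compare it with the digest on file), as an added example that is not code from the article or from the researchers. The `scheme$salt$digest` record format, the use of a salted scrypt digest as the replacement, the cost parameters and the sample accounts are all assumptions made for illustration; legacy unsalted MD5 records are verified only so they can be re-hashed on the next successful login.

```python
import hashlib
import hmac
import os

# Assumed scrypt cost parameters (illustrative; tune for your own hardware).
N, R, P = 2**14, 8, 1

def hash_password(password: str) -> str:
    """Return a record 'scrypt$<salt hex>$<digest hex>' with a fresh random salt."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P)
    return f"scrypt${salt.hex()}${digest.hex()}"

def verify(password: str, record: str) -> bool:
    """Hash the submitted password the way the record was made and compare digests."""
    try:
        scheme, salt_hex, digest_hex = record.split("$")
        salt, stored = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: fail closed
    if scheme == "scrypt":
        candidate = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P)
    elif scheme == "md5":  # outdated, unsalted: accepted only so it can be upgraded
        candidate = hashlib.md5(password.encode()).digest()
    else:
        return False
    return hmac.compare_digest(candidate, stored)  # constant-time comparison

def login(db: dict, user: str, password: str) -> bool:
    """Grant access on a digest match; re-hash legacy records after a success."""
    record = db.get(user)
    if record is None or not verify(password, record):
        return False
    if not record.startswith("scrypt$"):
        db[user] = hash_password(password)
    return True

def legacy_accounts(db: dict) -> list:
    """List accounts still stored with an outdated hash function."""
    return sorted(u for u, r in db.items() if not r.startswith("scrypt$"))

def sample_db() -> dict:
    """Constructed sample data: one legacy MD5 record, one scrypt record."""
    md5_hex = hashlib.md5(b"correct horse").hexdigest()
    return {"alice": f"md5$${md5_hex}", "bob": hash_password("hunter2-constructed")}
```

Running `legacy_accounts` over the user table before and after a migration window shows which accounts have not logged in since the upgrade and still carry an MD5 digest.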