I'm using Digest::MD5 to generate unique cookie values as well as for password authentication. Should I or should I not continue to use Digest::MD5 for those operations?
The vulnerability is that if a 3rd party intercepts the MD5 hash, they can spend a few days of compute time to discover a plain-text input that will produce the same hash. You can mitigate or effectively eliminate the threat by limiting the length of plaintext passwords (say, 12 to 16 characters). Then, even if an attacker finds a longer text string that results in the same MD5 hash, they're cut off by the limit.
However, unless you're mixing user-supplied plaintext with some secret string before generating a hash, you're open to dictionary attacks.
MD5 is way down on the list of things I'm worrying about right now, but there's always the chance that I'm being naive.
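The dictionary-attack point in the reply above, as an added example that is not part of the original thread: it compares a plain Digest::MD5 digest of a password with a digest that first mixes in a server-side secret. The word list, account names, secret value, and the per-user value mixed in alongside the secret are all constructed assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Constructed sample data: a tiny word list and two accounts with the same password.
my @wordlist = qw(password letmein monkey dragon);
my %accounts = (alice => 'monkey', bob => 'monkey');

# Hypothetical server-side secret (assumption); it must be stored apart from the digests.
my $secret = 'constructed-server-secret';

# A lookup table that can be built in advance with no knowledge of the site.
my %precomputed = map { md5_hex($_) => $_ } @wordlist;

# Plain digest of the password alone, as in the question.
sub plain_digest {
    my ($password) = @_;
    return md5_hex($password);
}

# Digest of secret + user name + password. The secret is the mixing the reply
# describes; adding the user name is an assumption of this example so that equal
# passwords do not yield equal digests. NUL separators keep the fields unambiguous.
sub mixed_digest {
    my ($user, $password) = @_;
    return md5_hex(join "\0", $secret, $user, $password);
}

for my $user (sort keys %accounts) {
    my $plain = plain_digest($accounts{$user});
    my $mixed = mixed_digest($user, $accounts{$user});
    printf "%-5s plain=%s in_table=%s\n", $user, $plain,
        exists $precomputed{$plain} ? 'yes' : 'no';
    printf "%-5s mixed=%s in_table=%s\n", $user, $mixed,
        exists $precomputed{$mixed} ? 'yes' : 'no';
}
```

Both accounts share one plain digest and it is found in the precomputed table, while the mixed digests differ per account and are not in the table.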