Yes, MD5 is somewhat less CPU-intensive. On my Intel x86 (Core2 Quad Q6600, 2.4 GHz, using one core), I get this in 32-bit mode: MD5 411 SHA-1 218 SHA-256 118 SHA-512 46 and this in 64-bit mode: MD5 407 SHA-1 312 SHA-256 148 SHA-512 189 Figures are in megabytes per second, for a “long” message … Read more
CRC works fine for detecting random errors in data that might occur, for example, from network interference, line noise, distortion, etc. CRC is computationally much less complex than MD5 or SHA1. Using a hash function like MD5 is probably overkill for random error detection. However, using CRC for any kind of security check would be … Read more
Yes. MD5 has been completely broken from a security perspective, but the probability of an accidental collision is still vanishingly small. Just be sure that the files aren’t being created by someone you don’t trust and who might have malicious intent.
On https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest I found this snippet that uses internal js module: async function sha256(message) { // encode as UTF-8 const msgBuffer = new TextEncoder().encode(message); // hash the message const hashBuffer = await crypto.subtle.digest(‘SHA-256’, msgBuffer); // convert ArrayBuffer to Array const hashArray = Array.from(new Uint8Array(hashBuffer)); // convert bytes to hex string const hashHex = hashArray.map(b => … Read more
Probably because 397 is a prime of sufficient size to cause the result variable to overflow and mix the bits of the hash somewhat, providing a better distribution of hash codes. There’s nothing particularly special about 397 that distinguishes it from other primes of the same magnitude.
Prefix or suffix is irrelevant, it’s only about adding some entropy and length to the password. You should consider those three things: The salt has to be different for every password you store. (This is quite a common misunderstanding.) Use a cryptographically secure random number generator. Choose a long enough salt. Think about the birthday … Read more
This is not possible, for the sake of keeping Redis simple. Quoth Antirez, creator of Redis: Hi, it is not possible, either use a different top-level key for that specific field, or store along with the filed another field with an expire time, fetch both, and let the application understand if it is still valid … Read more
A public salt will not make dictionary attacks harder when cracking a single password. As you’ve pointed out, the attacker has access to both the hashed password and the salt, so when running the dictionary attack, she can simply use the known salt when attempting to crack the password. A public salt does two things: … Read more
The usual answer goes thus: what is the probability that a rogue asteroid crashes on Earth within the next second, obliterating civilization-as-we-know-it, and killing off a few billion people? It can be argued that any unlucky event with a probability lower than that is not actually very important. If we have a “perfect” hash function … Read more
No. MD5 is not encryption (though it may be used as part of some encryption algorithms), it is a one way hash function. Much of the original data is actually “lost” as part of the transformation. Think about this: An MD5 is always 128 bits long. That means that there are 2128 possible MD5 hashes. … Read more