[clug] MD5 of an MD5 checksum

Leigh Makewell leigh at ozforces.com
Fri Mar 12 11:28:53 GMT 2004


Hi guys.

I need someone who knows a lot about cryptography, specifically MD5.

We have recently upgraded our forums to VB3. One change I have noticed 
is the way they store the users passwords. For some unknown reason they 
appear to be making an MD5 sum of an MD5 sum of the password.  Or more 
specifically they generate a random 3 character salt and then do an 
md5(md5(password)+salt)

As far as I can tell this is in no way more secure than just doing an 
md5 of the password, and I have a nagging feeling that it's actually 
less secure (although maybe the random salt overcomes that problem)

Can anyone think of any reason to do it this way? (Apart from completely 
making their system incompatible with anything else)

-- 
Leigh Makewell
Development & Game Master

aka: OzRoy
e-work: leigh.makewell at ozforces.com
e-home: roy at ozforces.com.au
ICQ: 62590163

ph-office: 1300 134 081
fax: 1300 134 082



More information about the linux mailing list