[clug] MD5 of an MD5 checksum
Leigh Makewell
leigh at ozforces.com
Fri Mar 12 11:28:53 GMT 2004
Hi guys.
I need someone who knows a lot about cryptography, specifically MD5.
We have recently upgraded our forums to VB3. One change I have noticed
is the way they store the users passwords. For some unknown reason they
appear to be making an MD5 sum of an MD5 sum of the password. Or more
specifically they generate a random 3 character salt and then do an
md5(md5(password)+salt)
As far as I can tell this is in no way more secure than just doing an
md5 of the password, and I have a nagging feeling that it's actually
less secure (although maybe the random salt overcomes that problem)
Can anyone think of any reason to do it this way? (Apart from completely
making their system incompatible with anything else)
--
Leigh Makewell
Development & Game Master
aka: OzRoy
e-work: leigh.makewell at ozforces.com
e-home: roy at ozforces.com.au
ICQ: 62590163
ph-office: 1300 134 081
fax: 1300 134 082
More information about the linux
mailing list