REBOL encryption?

 [1/4] from: stopm:mediaone at: 15-Feb-2002 2:18


I need some way of encoding text in a way such that for any text <x>, it encodes into a value which no other text (or a very negligible amount) does, and from which it is impossible (or nearly so) to extract the original text except by brute force. It looks like this might do the trick:

    checksum/method "Test" 'md5

But is this method secure, or only useful to check for corruption in data? I.e., how few values will encode into that? It's for password encryption in a MUD server, so it's pretty important that it be as hard as possible to brute-force passwords. I imagine a standard checksum would yield the same value for many, many different inputs, so it would be much easier to crack by inputting arbitrary values. But is MD5 checksum more secure? Or another method? Or what.

Forgive me if this is even more incoherent than usual (I haven't exactly given myself an excellent reputation in terms of comprehensibility of my messages with the few posts I've already made <g>), but it's 2:17 AM. I'm going to sleep now, don't worry. :) 2:18 now....

Alex

 [2/4] from: greggirwin::mindspring::com at: 15-Feb-2002 10:40


Hi Alex,

<< I need some way of encoding text in a way such that for any text <x>, it encodes into a value which no other text (or a very negligible amount) does, and from which it is impossible (or nearly so) to extract the original text except by brute force. >>

How about checksum/secure?

--Gregg

 [3/4] from: reboler:programmer at: 15-Feb-2002 14:40


sha1 is considered more secure than MD5

    checksum/method "your-string" 'sha1

The number of possible sha1 digests is quite large (can't remember exactly at this moment), so you should have very little chance of convergence to the same digest from two different strings. Do you think you will have billions and billions of users? Unless so, either method should be fine for practical purposes. After all, you are not storing state secrets ;)

Remember no method is absolutely secure. Your biggest problem will be sufficiently large and random passwords, not convergence of "encrypted" (digested) passwords. Most people's self-chosen "passwords" are way too short, and way too non-random.

I've got a password generating script if you want a copy, based on a dictionary of 8K words. It's for /Core right now, but it is on my list to translate to View. Do a search on the internet for "diceware" for more info.

 [4/4] from: john_kenyon:mlc:au at: 18-Feb-2002 9:34


>Your biggest problem will be sufficiently large and random passwords,
>not convergence of "encrypted" (digested) passwords. Most
>people's self-chosen "passwords" are way too short, and way too non-random.

You can get around this by salting the input with a random string then appending the salt to the sha1 value. Have a look at http://developer.netscape.com/docs/technote/ldap/pass_sha.html

e.g.

    salt: "arandomstring"
    ssha: join checksum/secure join "password" salt salt

cheers,
John
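
The salted scheme from the last message, as an added example that is not part of the original thread and is written in Python rather than REBOL: it stores SHA1(password + salt) followed by the salt, then recovers the salt from the stored value to verify a login. The {SSHA} prefix, the base64 encoding, the 8-byte random salt and the function names are assumptions of this sketch.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SCHEME = "{SSHA}"                        # assumed storage prefix
DIGEST_LEN = hashlib.sha1().digest_size  # 20 bytes for SHA-1


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return SCHEME + base64(SHA1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(8)  # fresh random salt for every stored password
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Recompute the digest using the salt carried in the stored value."""
    if not stored.startswith(SCHEME):
        return False
    try:
        raw = base64.b64decode(stored[len(SCHEME):], validate=True)
    except ValueError:           # malformed base64
        return False
    if len(raw) <= DIGEST_LEN:   # digest with no salt appended: reject
        return False
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # Constructed sample: two accounts that picked the same password.
    alice = ssha_hash("correct horse")
    bob = ssha_hash("correct horse")
    print(alice)
    print(bob)
    print("stored values differ:", alice != bob)
    print("alice logs in:", ssha_verify("correct horse", alice))
    print("wrong password:", ssha_verify("battery staple", alice))
```

The salt makes identical passwords produce different stored values and defeats precomputed digest tables, but a single SHA-1 pass is still fast to guess against; a deliberately slow function such as hashlib.scrypt or hashlib.pbkdf2_hmac is the usual choice for new systems.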