Comments on: Don’t Hash Secrets http://benlog.com/articles/2008/06/19/dont-hash-secrets/ security, privacy, transparency. Mon, 30 Jan 2012 20:03:02 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Delicious Bookmarks for January 30th from 13:13 to 14:44 « Lâmôlabs http://benlog.com/articles/2008/06/19/dont-hash-secrets/comment-page-1/#comment-640858 Delicious Bookmarks for January 30th from 13:13 to 14:44 « Lâmôlabs Mon, 30 Jan 2012 20:03:02 +0000 http://benlog.com/?p=168#comment-640858 [...] Benlog » Don’t Hash Secrets – January 30th ( tags: hash hasing security tips tricks examples article sha-1 md5 sha256 HMAC ) [...] [...] Benlog » Don’t Hash Secrets – January 30th ( tags: hash hasing security tips tricks examples article sha-1 md5 sha256 HMAC ) [...]

]]> By: James Home http://benlog.com/articles/2008/06/19/dont-hash-secrets/comment-page-1/#comment-632416 James Home Sat, 18 Sep 2010 06:02:00 +0000 http://benlog.com/?p=168#comment-632416 perfectly explained. thank you. perfectly explained. thank you.

]]> By: agilesWissen » Some interesting links… http://benlog.com/articles/2008/06/19/dont-hash-secrets/comment-page-1/#comment-625627 agilesWissen » Some interesting links… Thu, 04 Mar 2010 07:51:29 +0000 http://benlog.com/?p=168#comment-625627 [...] Don’t Hash Secrets [...] [...] Don’t Hash Secrets [...]

]]> By: Four short links: 5 February 2010 « Murder Manual http://benlog.com/articles/2008/06/19/dont-hash-secrets/comment-page-1/#comment-625582 Four short links: 5 February 2010 « Murder Manual Wed, 10 Feb 2010 07:07:15 +0000 http://benlog.com/?p=168#comment-625582 [...] Don’t Hash Secrets — One area of secure protocol development that seems to consistently yield poor design choices is the use of hash functions. What I’m going to say is not 100% correct, but it is on the conservative side of correct, so if you follow the rule, you (probably) can’t go wrong. You might be considered overly paranoid, but as they say, just because you’re paranoid doesn’t mean they’re not after you. So here it is: Don’t hash secrets. Never. No, sorry, I know you think your case is special but it’s not. No. Stop it. Just don’t do it. You’re making the cryptographers cry. [...] [...] Don’t Hash Secrets — One area of secure protocol development that seems to consistently yield poor design choices is the use of hash functions. What I’m going to say is not 100% correct, but it is on the conservative side of correct, so if you follow the rule, you (probably) can’t go wrong. You might be considered overly paranoid, but as they say, just because you’re paranoid doesn’t mean they’re not after you. So here it is: Don’t hash secrets. Never. No, sorry, I know you think your case is special but it’s not. No. Stop it. Just don’t do it. You’re making the cryptographers cry. [...]

]]> By: Knowtu » links for 2010-01-29 http://benlog.com/articles/2008/06/19/dont-hash-secrets/comment-page-1/#comment-625033 Knowtu » links for 2010-01-29 Sat, 30 Jan 2010 01:06:45 +0000 http://benlog.com/?p=168#comment-625033 [...] Benlog » Don’t Hash Secrets Use HMAC: Hash-function Message Authentication Code. (tags: security DevelopmentWisdom) [...] [...] Benlog » Don’t Hash Secrets Use HMAC: Hash-function Message Authentication Code. (tags: security DevelopmentWisdom) [...]

]]> By: Eric Blue’s Blog » Blog Archive » Weekly Lifestream for January 28th http://benlog.com/articles/2008/06/19/dont-hash-secrets/comment-page-1/#comment-624922 Eric Blue’s Blog » Blog Archive » Weekly Lifestream for January 28th Fri, 29 Jan 2010 01:07:39 +0000 http://benlog.com/?p=168#comment-624922 [...] Shared Benlog » Don’t Hash Secrets. [...] [...] Shared Benlog » Don’t Hash Secrets. [...]

]]> By: Don’t Hash Secrets | BlogHalt.com http://benlog.com/articles/2008/06/19/dont-hash-secrets/comment-page-1/#comment-624769 Don’t Hash Secrets | BlogHalt.com Tue, 26 Jan 2010 11:19:22 +0000 http://benlog.com/?p=168#comment-624769 [...] Don’t Hash Secrets. A well written explanation from 2008 of why you must use hmac instead of raw SHA-1 when hashing against a secret. [...] [...] Don’t Hash Secrets. A well written explanation from 2008 of why you must use hmac instead of raw SHA-1 when hashing against a secret. [...]

]]> By: Limitations of Hashing « Exhaust the Iterator http://benlog.com/articles/2008/06/19/dont-hash-secrets/comment-page-1/#comment-624735 Limitations of Hashing « Exhaust the Iterator Tue, 26 Jan 2010 01:04:53 +0000 http://benlog.com/?p=168#comment-624735 [...] Don’t Hash Secrets (via). Informative, accessible article that sketches the limitations of hashing, even with a [...] [...] Don’t Hash Secrets (via). Informative, accessible article that sketches the limitations of hashing, even with a [...]

]]> By: stev.ie/ » Blog Archive http://benlog.com/articles/2008/06/19/dont-hash-secrets/comment-page-1/#comment-624676 stev.ie/ » Blog Archive Mon, 25 Jan 2010 12:20:36 +0000 http://benlog.com/?p=168#comment-624676 [...] Via. [...] [...] Via. [...]

]]> By: links for 2010-01-24 « Breyten’s Dev Blog http://benlog.com/articles/2008/06/19/dont-hash-secrets/comment-page-1/#comment-624580 links for 2010-01-24 « Breyten’s Dev Blog Sun, 24 Jan 2010 11:04:49 +0000 http://benlog.com/?p=168#comment-624580 [...] Benlog ? Don?t Hash Secrets (tags: hashing security crypto hmac) [...] [...] Benlog ? Don?t Hash Secrets (tags: hashing security crypto hmac) [...]

]]>