[BNM] MD5 quicky

Wayne Douglas wayne at codingvista.com
Tue Jan 9 09:36:35 GMT 2007


OK - Here is where I was getting confused then: The string I need to
'validate' is a set of values such as:

<date time of transaction><service allotted ID><preshared key>

The date time I know - the pre shared key I know. The ID is allotted by the
service and is not something I know. Therefore I can't create the hash to
compare.

The problem I have is that the service providers are Spanish and barely
understand English. Lesson learned: Never work with the Spanish and MD5
together.

w://

On 1/8/07, Dominic Mitchell <dom at happygiraffe.net> wrote:
>
> On Mon, Jan 08, 2007 at 11:45:33AM +0000, Wayne Douglas wrote:
> > Hey
> >
> > Does anyone here have an understanding of MD5 who can spare a minute or
> > two to explain to me what it's all about.
>
> It's basically a checksum of some larger object.  The idea is you run a
> magic function ("md5") over a large piece of data and get a smaller
> number out.  The magic is that you never[1] get the same number for
> different pieces of data.
>
> > I have a security token I need to validate and its coming over as an
> > MD5 hash. I can see how to [they] create the hash, I just don't see what
> > I'm meant to do to validate it. I'm using .NET but don't think that should
> > matter as it's only the understanding of MD5 bit that's buggered me.
>
> Usually, you're meant to run the MD5 function over the stored piece of
> data you have (e.g. a password) and verify that it produces the same MD5
> hash that you've been given.  Doing things this way means you can log
> people in without sending the password in the clear over the network.
>
> This situation isn't without its problems, though.  It's vulnerable to
> a replay attack.  If you want more info about the kinds of problems,
> look into "HTTP Digest Authentication"[2].
>
> Generally, MD5 isn't as secure as it used to be, thanks to the march of
> Moore's law and cryptographers who like to play.  Have a look at the
> Wikipedia entry[3] for more details.
>
> -Dom
>
> [1]  Or near as dammit.
>
> [2]  http://en.wikipedia.org/wiki/Digest_access_authentication
>
> [3]  http://en.wikipedia.org/wiki/MD5
>
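
Added example, not part of the original thread and not the service's code: a Python sketch of the recompute-and-compare check described in the reply, applied to the three-field string from the post, with a freshness window and a seen-set against the replay problem the reply mentions. The timestamp format, the plain concatenation, the function names and the idea that the service sends its allotted ID in the clear beside the hash are all assumptions.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

# Assumptions, none stated in the thread: timestamp layout, fields joined with
# no separator, UTF-8, hex digest, and the service sending its allotted ID in
# the clear beside the hash so the receiver has all three inputs.
TS_FORMAT = "%Y%m%d%H%M%S"
MAX_AGE = timedelta(minutes=5)


def make_token(timestamp, service_id, preshared_key):
    """MD5 over <date time><service ID><preshared key>, as hex."""
    data = (timestamp + service_id + preshared_key).encode("utf-8")
    return hashlib.md5(data).hexdigest()


def verify_token(received_hash, timestamp, service_id, preshared_key, now, seen):
    """Return (ok, reason); `seen` is a set of hashes already accepted."""
    expected = make_token(timestamp, service_id, preshared_key)
    received = received_hash.strip().lower()
    # Recompute and compare in constant time; the key itself never travels.
    if not hmac.compare_digest(expected.encode(), received.encode()):
        return False, "hash mismatch"
    try:
        sent = datetime.strptime(timestamp, TS_FORMAT).replace(tzinfo=timezone.utc)
    except ValueError:
        return False, "bad timestamp"
    # Replay defence 1: the hashed timestamp must be recent.
    if abs(now - sent) > MAX_AGE:
        return False, "stale"
    # Replay defence 2: inside the window, each hash is accepted only once.
    if expected in seen:
        return False, "replayed"
    seen.add(expected)
    return True, "ok"


if __name__ == "__main__":
    key = "constructed-preshared-key"  # constructed sample values throughout
    now = datetime(2007, 1, 9, 9, 36, 35, tzinfo=timezone.utc)
    ts, sid = "20070109093600", "SVC-0001"
    token = make_token(ts, sid, key)
    seen = set()
    print(verify_token(token, ts, sid, key, now, seen))         # fresh
    print(verify_token(token, ts, sid, key, now, seen))         # same token again
    print(verify_token(token, ts, "SVC-0002", key, now, seen))  # altered ID
```

Without the ID (or any other hashed field) in hand, the receiver cannot recompute the digest, so a real integration has to carry every non-secret input alongside the hash.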

