



[PHP][HASHING]Long VS Short



5 replies to this topic

#1 Imque

  • Members
  • 134 posts

Posted 06 May 2013 - 04:23 AM

Hai,

I hashed two strings in SHA512. The first one was 3 chars (Not hashed) and the second one was 15 chars (Not hashed)

After hashing it, the short 3 char string came out longer as a hash and the long string came out shorter.

Is this an effect that is included with SHA512 or is it simply the way it falls?

But my question is: does this mean when people register for LuaPay, that I shouldn't make the minimum password size 5 or more? Could I make it any length and still have the same security?

#2 GravityScore

  • Members
  • 796 posts
  • Location: Land of Meh

Posted 06 May 2013 - 04:31 AM

A simple security feature of hashing is that every hash generated is the same length (the actual length varies from hash type to hash type, SHA-512 should return a 64 character long hexadecimal string, and SHA-256 should return a 32 character long hexadecimal string). If it were the same length as the password, then it would significantly reduce the number of requests a hacker would have to make in a brute force attack. So you technically don't need a minimum password size, but I would recommend something from 6-8 characters.

#3 theoriginalbit

    Semi-Professional ComputerCrafter

  • Moderators
  • 7,332 posts
  • Location: Australia

Posted 06 May 2013 - 04:37 AM

The hashes are meant to come out the same length (as Grav stated), so the fact that you're getting different lengths is making me think 1 of 3 things:
  • You're not actually hashing, you're doing like an encrypt or something, but definitely not a hash
  • You're hashing the two passwords with different hashing algorithms
  • You think they are different lengths because you aren't using a monospaced font


#4 Imque

  • Members
  • 134 posts

Posted 06 May 2013 - 06:26 AM

I am only using SHA512. I have prevented HTML entities and MySQL injection.

#5 GravityScore

  • Members
  • 796 posts
  • Location: Land of Meh

Posted 06 May 2013 - 07:39 AM

Imque, on 06 May 2013 - 06:26 AM, said:

I am only using SHA512. I have prevented HTML entities and MySQL injection.

Well, I don't understand how you can be getting hashes of different lengths. See:
"abc" hashed in SHA-512 (3 characters)
ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f

"123456789012345" hashed in SHA-512 (15 characters)
3345ef483573fa45eb713bea9d3b7cc8c1040a4edcc81abd18bc5a81a8738463b102a78282d0defb2cf0b75d6df5ce8a5e35388cc69c850506fd1c4dd3d21e66

And a minimum password length of 8 characters is generally good.
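
Added example, not part of any post in this thread: a PHP check that compares a stored value with the lengths hash() actually returns, to tell apart the causes listed in #3 plus two common storage mistakes (raw binary output, a column that is too narrow). The function name classify_digest, the algorithm list and the sample values are assumptions made up for illustration.

```php
<?php
// Added example (not from the thread): explain why a stored "hash" has an
// unexpected length by comparing it with what PHP's hash() really returns.

function classify_digest(string $stored, string $algo = 'sha512'): string
{
    $hexLen = strlen(hash($algo, ''));        // 128 hex characters for sha512
    $rawLen = strlen(hash($algo, '', true));  // 64 raw bytes for sha512
    $len    = strlen($stored);

    if (ctype_xdigit($stored)) {
        if ($len === $hexLen) {
            return "full $algo hex digest";
        }
        // Other hex length: does it match another algorithm's digest size?
        foreach (['md5', 'sha1', 'sha256', 'sha384'] as $other) {
            if ($len === strlen(hash($other, ''))) {
                return "length matches a $other hex digest, not $algo";
            }
        }
        return $len < $hexLen
            ? "hex digest cut to $len characters (column too narrow?)"
            : "hex string longer than any $algo digest";
    }
    if ($len === $rawLen) {
        return "raw binary $algo output; use bin2hex() before displaying";
    }
    return "not a $algo digest (encrypted or encoded some other way?)";
}

// Constructed samples, built from the two inputs used in post #5.
$samples = [
    'short input, hex'    => hash('sha512', 'abc'),
    'long input, hex'     => hash('sha512', '123456789012345'),
    'raw output'          => hash('sha512', 'abc', true),
    'wrong algorithm'     => hash('sha256', 'abc'),
    'cut by VARCHAR(100)' => substr(hash('sha512', 'abc'), 0, 100),
    'base64 of input'     => base64_encode('123456789012345'),
];

foreach ($samples as $label => $value) {
    printf("%-20s len=%3d  %s\n", $label, strlen($value), classify_digest($value));
}
```

The first two samples report the same length even though the inputs are 3 and 15 characters long; every other row is a storage or algorithm mix-up rather than a property of SHA-512.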

#6 Lyqyd

    Lua Liquidator

  • Moderators
  • 8,465 posts

Posted 06 May 2013 - 11:36 AM

Moved to General.




