On 22.12.2011 12:54, John Doe wrote: > From: Reindl Harald <h.reindl@xxxxxxxxxxxxx> > >>> are they automatically "converted" (rehashed) to SHA512? >> this is technically impossible on any system and in any context >> the definition of a hash is NOT INVERTABLE and you would need >> the plaintext-version to generate another hash type > > By rehashed I meant 2 layers of hashing... > You sha512 the old md5 hash while keeping the knowledge that it was an md5 hash. > So, when the user enters its passwd, it would be md5 hashed and then sha512 hashed and compared... this does not make any sense or differene and would decrase security keep in mind that hashes normally contain only [a-z][0-9] if you store the knowledge you have no need to convert if you have a secure password like "y*!#Anf&%" your hash has no longer special-chars and uppercase-letters, hashing this again would result in a less secure one with more possible collisions
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos