This is a read-only snapshot of the ComputerCraft forums, taken in April 2020.
ComputerCraftGeneral
Imque's profile picture

[PHP][HASHING]Long VS Short

Started by Imque, 06 May 2013 - 03:23 AM
Imque #1

Imque's profile picture

182 posts

Posted 06 May 2013 - 05:23 AM
Hai,

I hashed two strings in SHA512. The first one was 3 chars (Not hashed) and the second one was 15 chars (Not hashed)

After hashing it, the short 3 char string came out longer as a hash and the long string came out shorter.

Is this an effect that is included with SHA512 or is it simply the way it falls.

But my question does this mean when people register for LuaPay, that I shouldn't make the minimum password size 5 or more, could I make it any length and still have the same security?
GravityScore #2

GravityScore's profile picture

799 posts

Location Land of Meh

Posted 06 May 2013 - 05:31 AM
A simple security feature of hashing is that every hash generated is the same length (the actual length varies from hash type to hash type, SHA-512 should return a 64 character long hexadecimal string, and SHA-256 should return a 32 character long hexadecimal string). If it were the same length as the password, then it would significantly reduce the number of requests a hacker would have to make in a brute force attack. So you technically don't need a minimum password size, but I would recommend something from 6-8 characters.
theoriginalbit #3

theoriginalbit's profile picture

7508 posts

Location Australia

Posted 06 May 2013 - 05:37 AM
The hashes are meant to come out the same length (as Grav stated) so the fact that you're getting different lengths is making me think 1 of 3 things
  1. You're not actually hashing, you're doing like an encrypt or something, but definitely not a hash
  2. You're hashing the two passwords with different hashing algorithms
  3. You think they are different lengths because you aren't using a monospaced font
Imque #4

Imque's profile picture

182 posts

Posted 06 May 2013 - 07:26 AM
I am only using SHA512. I have prevent HTML entities and MySQL injection.
GravityScore #5

GravityScore's profile picture

799 posts

Location Land of Meh

Posted 06 May 2013 - 08:39 AM
Imque, on 06 May 2013 - 07:26 AM said:
I am only using SHA512. I have prevent HTML entities and MySQL injection.

Well, I don't understand how you can be getting hashes of different lengths. See:

"abc" hashed in SHA-512 (3 characters)
ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f

"123456789012345" hashed in SHA-512 (15 characters)
3345ef483573fa45eb713bea9d3b7cc8c1040a4edcc81abd18bc5a81a8738463b102a78282d0defb2cf0b75d6df5ce8a5e35388cc69c850506fd1c4dd3d21e66

And a minimum password length of 8 characters is generally good.
Lyqyd #6

Lyqyd's profile picture

8543 posts

Posted 06 May 2013 - 12:36 PM
Moved to General.