- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Admin
<FONT style="BACKGROUND-COLOR: #efefef">
</FONT>Also for high-sec apps I wouldnt MD5 something thats incrementing (ish), as the hashes will tend to 'bubble', and thus be more predictable. Pity really - I like MD5 as it conveniently fits into a unique_identifier field, unlike SHA [:'(]
Admin
"Don't use it if you're simply performing simulations or for games programming, it's much slower than the regular random number generator."
Only one thing, using pseudo-random numbers to make simulations it is not
a waste of time. There are some stories about people that have used the
default random number generator of the language to make simulation and
this non-pseudo-random numbers have conditioned the results. So, please
I think that depeding on the target software is feasible or not "wasting"
time generating numbers.
Admin
some of the comments in this thread prove, once again, that programmers are the most arrogant bastards on the planet.
arrogant coward
Admin
Again, all points about this being a throwaway accepted but reading other posts about how passwords should be generated. Surely you don't want to be doing that in the database anyway. That's the job of the application layer to generate the random string or take user input, hash it etc. and pass the hashed result to the database.
Admin
My guess is that it will return zero rows. But that is because I don't know about SQL that much. If I knew more about it then I would know the correct answer
Admin
Beacouse time of running has relativly low entropy if you know +- time of running. Too bad for passwords.
Admin
That 2% (by your math) are a few zettas worth of passwords. That would mean an extra few weeks on a bruteforce attempt. By any means a number on the size of 10^21 is "not so much of a difference".