[WEB SECURITY] Hashing and entropy (was RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?)

Rohit Lists rklists at gmail.com
Fri Jun 20 11:09:52 EDT 2008


Sometimes it's hard to tell over e-mail, but I believe Arian was being
sarcastic with those principles ...

On Fri, Jun 20, 2008 at 9:42 AM, Thierry Zoller <Thierry at zoller.lu> wrote:
>
> Dear Adrian,
>
> Sorry, but I could not resist dropping this comment:
>
> Read:
> AJE> I wish these
> AJE> "webappsec" people would get up to speed with CISSP principles.
>
> Then:
> AJE> 6. Agreed on SHA 512, but I think it's safer to write your own
> AJE> algorithm that the attacker is unlikely to know.
>
> Invent your own crypto algorithm - a classic, they teach this during
> CISSP these days?
>
> --
> http://secdev.zoller.lu
> Thierry Zoller
> Fingerprint : 5D84 BFDC CD36 A951 2C45  2E57 28B3 75DD 0AC6 F1C7
>
>
> ----------------------------------------------------------------------------
> Join us on IRC: irc.freenode.net #webappsec
>
> Have a question? Search The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/
>
> Subscribe via RSS:
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>
> Join WASC on LinkedIn
> http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>
>



