Gregory McLeod Posted February 25, 2013 Share Posted February 25, 2013 Is a string generated by llMD5String(string src,integer nonce) reversible. That is can a script unhash the hashed data without resorting to password cracking? Link to comment Share on other sites More sharing options...
Darkie Minotaur Posted February 25, 2013 Share Posted February 25, 2013 A hash function is not a crytographic function - a lot of data is usually lost when hashing a value. You may rey by brute force - but there is no reverse function. Link to comment Share on other sites More sharing options...
Jenni Darkwatch Posted February 25, 2013 Share Posted February 25, 2013 Also, using MD5 is more or less discouraged these days. Use SHA1 instead. Link to comment Share on other sites More sharing options...
Kenn Nilsson Posted February 26, 2013 Share Posted February 26, 2013 To further on the MD5 / SHA1 / etc conversation ... not even a straight SHA1 hash is really secure. You should additionally "salt" your hashes with a dynamic string and consider hashing multiple times. From your question, however, I imagine you are looking for an efficient way to pass large chunks of data from one place to another? How big is the data? And is it object->object or object->web->object? There are potentially other solutions. Link to comment Share on other sites More sharing options...
Akninirith Posted February 27, 2013 Share Posted February 27, 2013 I believe that SHA1 has also been recently compromised - not BROKEN, but an algorithm found that can give a string that will be converted to a known hash made with SHA1. Do not remember where I read this, so take it with as much, er, salt as deemed appropriate. I don't know when/if Linden Labs intends to add support for it, but SHA3 is apparently a far more secure animal than its older cousin. Link to comment Share on other sites More sharing options...
Jenni Darkwatch Posted February 27, 2013 Share Posted February 27, 2013 There's a theoretical SHA1 collision attack which reduces the complexity of any attack vectors. It's impractical to use, so it's still reasonably safe. The original attack vector was found 2005 and improved over the years. Today we have SHA-2 and most recently SHA-3 but neither is included in LSL. I don't think it's all that urgent to have either. For "strong" encryption there's an XTEA library here: http://wiki.secondlife.com/wiki/XTEA_Strong_Encryption_Implementation Link to comment Share on other sites More sharing options...
Recommended Posts
Please take a moment to consider if this thread is worth bumping.
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now