4
  • That is a good point about the database access. That totally defeats one of the main purposes of hashing the passwords. Good catch. I'll make an edit to adjust for that vulnerability. And it makes me nervous to just completely rely on one security tool, like TLS. It goes against the idea of robust security. Commented Aug 2, 2011 at 14:29
  • 6
    Inventing your own protocols goes against the idea of robust security too. Commented Aug 2, 2011 at 14:30
  • 1
    No, inventing your own mathematically bound cryptological concept is an insane idea and not secure. If I was asking 'Is this hashing algorithm I invented secure?' it would be a problem. But using pre-established recognized cryptological paths in a configuration is the definition of how secure systems are organized. Commented Aug 2, 2011 at 14:43
  • 3
    Inventing, modifying, tweaking, hacking, extending, optimizing, or just about anything else you can do to a cryptographic protocol, hash, algorithm, PRNG, key agreement, or cryptographic technique is a very bad idea. Do not use your work to protect anything of value. Security is a vast and difficult problem. Many experienced, knowledgeable, and careful security practitioners have made painful mistakes. The prime example is the recent RSA breach. You wouldn't build a car using someone's proven engine and your experimental brake system. Don't invent security protocols. Commented Aug 3, 2011 at 0:51