[Noisebridge-discuss] Anti-piracy / anti-Pirate Bay law currently in Congress [drama]

Moxie Marlinspike moxie at thoughtcrime.org
Tue Sep 28 21:17:10 UTC 2010



On 09/28/2010 04:54 PM, Sai wrote:
> Incidentally, re http://decloak.net - anyone know why HD Moore has the
> second usage of the secret in the md5 hash? (md5("secret" .
> $_SERVER['REMOTE_ADDR'] . $_SERVER['REMOTE_PORT'] . time() .
> "secret");)
>
> AFAICT this is pure voodoo, unless md5 is a non-perfect hash in some
> way that's not clear to me.

Without knowing the context of this construction, I'd guess that it's
for preventing an extension attack.  Using the hmac construction would
be better, and I'd guess he confused this with hmac.

- moxie

-- 
http://www.thoughtcrime.org
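
Added example, not part of the original message or of decloak.net's code: the quoted secret-on-both-ends MD5 construction beside HMAC written out from its RFC 2104 definition, which also uses the key twice (an inner and an outer pass) but nests two hashes. The function names, key, sample address/port/time and the choice of SHA-256 for the token are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample values (not from the page).
KEY = b"constructed-demo-key"
ADDR, PORT, TS = "192.0.2.10", 51515, 1285708630


def sandwich_md5(secret: bytes, addr: str, port: int, ts: int) -> str:
    """The quoted construction: md5(secret . addr . port . time . secret)."""
    msg = f"{addr}{port}{ts}".encode()
    return hashlib.md5(secret + msg + secret).hexdigest()


def hmac_by_hand(key: bytes, msg: bytes, digest=hashlib.sha256) -> bytes:
    """HMAC per RFC 2104: H((K ^ opad) || H((K ^ ipad) || msg))."""
    block = digest().block_size
    if len(key) > block:              # over-long keys are hashed first
        key = digest(key).digest()
    key = key.ljust(block, b"\x00")   # then zero-padded to the block size
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = digest(ipad + msg).digest()    # key-dependent inner pass
    return digest(opad + inner).digest()   # outer pass hides the inner state


def make_token(key: bytes, addr: str, port: int, ts: int) -> str:
    """Same fields as the quoted code, tagged with the library HMAC."""
    msg = f"{addr}{port}{ts}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_token(key: bytes, addr: str, port: int, ts: int, token: str) -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(make_token(key, addr, port, ts), token)


if __name__ == "__main__":
    print("sandwich md5:", sandwich_md5(KEY, ADDR, PORT, TS))
    print("hmac-sha256 :", make_token(KEY, ADDR, PORT, TS))
    print("verifies    :", verify_token(KEY, ADDR, PORT, TS,
                                        make_token(KEY, ADDR, PORT, TS)))
```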