In response to Toadfish
"So what" is not a very practical attitude when dealing with cryptography and the safety of your users' personal information / their passwords.

Doesn't matter if you're on BYOND or otherwise.
I'm kind of in agreement with Doohl. Partially, though. It's important to acknowledge that there's no really big weaknesses in MD5 hashing and it can still be a viable form of security. MD5 has been around for a while though and fairly comprehensive tables have already been designed for it.

It's not insecure, in and of itself, but its age and usage just make other hashing methods a bit more useful.
The fundamental assumption behind cryptographic protocols is that your attacker doesn't have access to resources (information or computational capabilities) above a certain threshold or quality. I'm making a standard assumption: that md5 is not susceptible to the kind of attacks that would be relevant to a BYOND game (in particular chosen prefix attacks), so under reasonable cryptographic premises it is safe to use. md5 comes with the added benefit of being a time-tested default feature of BYOND.

There are much more practical security concerns to worry about than whether you're using md5 or SHA-x.

I mean, let's be clear here, while SHA256 is objectively better than md5, using this library isn't clearly better than using a builtin feature. For one, whoever uses your library has to believe you're trustworthy and didn't put anything malicious in your .dll file, and more importantly, that your implementation is correct and has been tested extensively. For two, it's not exactly well-understood how the compiler/engine interacts with external .dll files and whether it is always safe to assume that this interaction is tight, correct and not susceptible to general user maliciousness (maliciousness that's much more trivial than a cryptographic attack).
In response to Toadfish
Toadfish wrote:
The fundamental assumption behind cryptographic protocols is that your attacker doesn't have access to resources (information or computational capabilities) above a certain threshold or quality. I'm making a standard assumption: that md5 is not susceptible to the kind of attacks that would be relevant to a BYOND game (in particular chosen prefix attacks), so under reasonable cryptographic premises it is safe to use. md5 comes with the added benefit of being a time-tested default feature of BYOND.

There are much more practical security concerns to worry about than whether you're using md5 or SHA-x.

I mean, let's be clear here, while SHA256 is objectively better than md5, using this library isn't clearly better than using a builtin feature. For one, whoever uses your library has to believe you're trustworthy and didn't put anything malicious in your .dll file, and more importantly, that your implementation is correct and has been tested extensively. For two, it's not exactly well-understood how the compiler/engine interacts with external .dll files and whether it is always safe to assume that this interaction is tight, correct and not susceptible to general user maliciousness (maliciousness that's much more trivial than a cryptographic attack).
The source of the DLL is posted just compile yourself there is nothing malicious lol.
I know he posted the source, you're kind of missing the point =P.
In response to Toadfish
Toadfish wrote:
I know he posted the source, you're kind of missing the point =P.

I posted the source..And yes I get your point but it isn't valid.

Seems like you just skimmed through this thread and gave your 2cents.
Why do I constantly see this thread getting bumped? Jul 8 2014.

Who even uses this? Why is it getting bumped?
In response to Zecronious
Who even cares? Its just a thread, and it's being bumped with meaningful discussion.
In response to Zecronious
Zecronious wrote:
Who even uses this? Why is it getting bumped?

Obviously we're a cult of Necromancers who bring back dead posts to continue the conversation. You wouldn't understand the dark path we've chosen.
In response to Zecronious
Zecronious wrote:
Why do I constantly see this thread getting bumped? Jul 8 2014.

Who even uses this? Why is it getting bumped?

I use it :D
In response to Kats
Kats wrote:
Zecronious wrote:
Who even uses this? Why is it getting bumped?

Obviously we're a cult of Necromancers who bring back dead posts to continue the conversation. You wouldn't understand the dark path we've chosen.

Gotcha.

Page: 1 2