MD5 is only one way. It cannot be reversed...However, it has been "cracked" and is considered insecure by itself.
Why? Rainbow tables have billions of hashes. They contain any and every password combination you can come up with. All an attacker has to do is take an MD5 hash and compare it to what's in a rainbow table - and that table will show you the original value (a password). Here's a great analogy I learned: You're a chef and you make spaghetti and sauce. You serve the meal to 5 people. Those 5 people then add salt to their spaghetti. No matter how hard you try, you will never re-create their modification to the meal. You don't know how much or how little they put on. Hope that kinda clears things up :) -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php
