Well, actually, the email scenario below is not 100% correct - I omitted some detail for clarity.
SMTP servers use a variation of MD-5 called CRAM-MD5 which is basically a triple-hashing MD5
algorithm which is super secure.

Regards,

Howie

----- Original Message -----
From: "Lewis Steven" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Tuesday, February 19, 2002 1:08 PM
Subject: RE: only one MD5 hash?


> I was told that MD5 has a weak key and that Secure Hash Algorithm (SHA-1) is
> stronger.
>
> -----Original Message-----
> From: Howie Hamlin [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, February 19, 2002 12:53 PM
> To: CF-Talk
> Subject: Re: only one MD5 hash?
>
>
> You can't recover the text from an MD5 hash.  The idea of the hash is that
> the hash is created based on a known key (a password, for example) and that
> you can duplicate the results of the hash if you know the original text and
> the key.  MD5 is commonly used in SMTP authentication where the user knows
> his password and the server knows the password.  The server presents a
> challenge string (the string changes each time) that the client uses to
> produce an MD5 string (using the password as the key).  The client then
> sends the MD5 result to the server and the server compares it to its own
> result.  Thus, you verify the password without actually transmitting it.
>
> Regards,
>
> Howie
>
> ----- Original Message -----
> From: "Cameron Childress" <[EMAIL PROTECTED]>
> To: "CF-Talk" <[EMAIL PROTECTED]>
> Sent: Tuesday, February 19, 2002 11:36 AM
> Subject: RE: only one MD5 hash?
>
>
>
> > Brute forcing this 100,000 character string would take a very very very
> > long time.
>
> <snip>
>
> > -Cameron
>
>
> 
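
Added example, not part of the original thread: the challenge-response exchange described above, written the way RFC 2195 specifies CRAM-MD5, where the client's answer is HMAC-MD5 of the server's challenge keyed with the shared password. The function names and the `mail.example.test` host are illustrative assumptions; the sample user, password and challenge are the example values from RFC 2195.

```python
import base64
import hashlib
import hmac
import os
import time

# Example values from RFC 2195 (not from the thread).
RFC_USER, RFC_PASSWORD = "tim", "tanstaaftanstaaf"
RFC_CHALLENGE = "<1896.697170952@postoffice.reston.mci.net>"

def make_challenge(host="mail.example.test"):
    """Server: fresh challenge per attempt (random part + timestamp + host)."""
    return f"<{os.urandom(8).hex()}.{int(time.time())}@{host}>"

def cram_md5_digest(password, challenge):
    """HMAC-MD5 over the challenge, keyed with the shared password (hex)."""
    return hmac.new(password.encode(), challenge.encode(), hashlib.md5).hexdigest()

def client_response(user, password, b64_challenge):
    """Client: decode the challenge, answer with base64("user hexdigest")."""
    challenge = base64.b64decode(b64_challenge).decode()
    answer = f"{user} {cram_md5_digest(password, challenge)}"
    return base64.b64encode(answer.encode()).decode()

def server_verify(b64_response, challenge, password_db):
    """Server: recompute the digest for the challenge it issued; return the
    authenticated user name, or None on any failure."""
    try:
        decoded = base64.b64decode(b64_response, validate=True).decode()
    except ValueError:  # bad base64 or bad UTF-8
        return None
    user, _, digest = decoded.rpartition(" ")
    password = password_db.get(user)
    if password is None:
        return None
    expected = cram_md5_digest(password, challenge)
    # Constant-time comparison so the check does not leak matching prefixes.
    return user if hmac.compare_digest(expected.encode(), digest.encode()) else None

if __name__ == "__main__":
    db = {RFC_USER: RFC_PASSWORD}  # the server must hold the password itself
    issued = make_challenge()
    wire = base64.b64encode(issued.encode()).decode()
    resp = client_response(RFC_USER, RFC_PASSWORD, wire)
    print("S: 334", wire)
    print("C:", resp)
    print("accepted:", server_verify(resp, issued, db))
    # A captured response is useless against the next, different challenge.
    print("replayed:", server_verify(resp, make_challenge(), db))
```

The password never crosses the wire, but the server has to keep it in a form it can use as the HMAC key, so a one-way salted password hash cannot be used on the server side with this mechanism.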