Rick Jones <[EMAIL PROTECTED]> writes: > This is completely false. I don't care what is done to a password. If it > is constant and repeatable, as password's need to be, then it's only a > matter of time. If the method is public knowledge as with the source code > to encrypt passwords, it can be decrypted in no time.
What if two passwords hash to the same value? How is it possible to do a reverse lookup on that hash? Yet, you can still verify that the password a user is attempting log in with hashed to the same thing it did when they ran "passwd". Now, if you can generate ONE of the passwords that hashes to a particular value, then I guess you're in business anyways, but you still didn't necessarily get the same password back. Later, Dale -- +-------------------- finger for pgp public key ---------------------+ | Dale E. Martin | University of Cincinnati Savant Research Laboratory | | [EMAIL PROTECTED] | http://www.ececs.uc.edu/~dmartin | +----------------------------------------------------------------------+ -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .