Rick Jones <[EMAIL PROTECTED]> writes:

> This is completely false.  I don't care what is done to a password.  If it
> is constant and repeatable, as passwords need to be, then it's only a
> matter of time.  If the method is public knowledge as with the source code
> to encrypt passwords, it can be decrypted in no time.

What if two passwords hash to the same value?  How is it possible to
do a reverse lookup on that hash?  Yet, you can still verify that the
password a user is attempting to log in with hashed to the same thing it
did when they ran "passwd".

Now, if you can generate ONE of the passwords that hashes to a
particular value, then I guess you're in business anyways, but you
still didn't necessarily get the same password back.

Later,
        Dale

-- 
+--------------------  finger for pgp public key  ---------------------+
| Dale E. Martin | University of Cincinnati Savant Research Laboratory |
| [EMAIL PROTECTED]    |     http://www.ececs.uc.edu/~dmartin       |
+----------------------------------------------------------------------+
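
The many-to-one property discussed in the message above, as an added example that is not part of the original post. It assumes a toy hash (SHA-256 truncated to 16 bits, chosen here only so collisions are easy to observe) and a constructed candidate space of four-letter lowercase passwords; all function names are hypothetical.

```python
import hashlib
import hmac
from itertools import product
from string import ascii_lowercase

HASH_BYTES = 2  # assumption: 16-bit digest, far smaller than any real password hash


def toy_hash(password: str) -> bytes:
    """SHA-256 truncated to HASH_BYTES: one-way, repeatable, and many-to-one."""
    return hashlib.sha256(password.encode()).digest()[:HASH_BYTES]


def verify(candidate: str, stored: bytes) -> bool:
    """Login check: hash the candidate and compare. Nothing is decrypted."""
    return hmac.compare_digest(toy_hash(candidate), stored)


def candidates(length: int = 4):
    """All lowercase strings of the given length (constructed sample space)."""
    return map("".join, product(ascii_lowercase, repeat=length))


def find_collision() -> tuple[str, str]:
    """Two different passwords with the same hash.

    26**4 candidates into 2**16 possible hashes guarantees one exists.
    """
    seen: dict[bytes, str] = {}
    for word in candidates():
        digest = toy_hash(word)
        if digest in seen:
            return seen[digest], word
        seen[digest] = word
    raise AssertionError("unreachable: pigeonhole principle")


def preimages(stored: bytes) -> list[str]:
    """Every candidate that the login check would accept for this stored hash."""
    return [word for word in candidates() if verify(word, stored)]


if __name__ == "__main__":
    original, other = find_collision()
    stored = toy_hash(original)          # what "passwd" would have saved
    print(original, other, stored.hex())
    print(verify(other, stored))         # a different password still logs in
    print(len(preimages(stored)))        # the hash alone cannot say which was set
```

With a full-width digest the same structure holds, but the number of stored-hash values is so large that colliding inputs are not found by enumeration like this.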

