It is IMPOSSIBLE having the variable "MyHashedPassword" to get the password back.
Could a really clever hacker do it??
MD5 is a one-way algorithm but it is possible to crack weak MD5 passwords using brute force. Check out John the Ripper and other password crackers at www.openwall.com, packetstorm.securify.net, www.securiteam.com, neworder.box.sk etc.
You could use some function/module to ensure that users cannot choose a weak password and even run a password cracker against your encrypted passwords every now and again to catch any weak ones that made it through (and tweak your function accordingly). Of course, whether this is all necessary is up to you.
Mark
(oh btw, hello the list, I moved from Dublin to Manchester recently and was looking for a UK CF list, thanks to an old work colleague, Justin MacCarthy, I've found u lot, yay!)
-- ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/
To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For human help, e-mail: [EMAIL PROTECTED]
