Speaking of MD5 hashes, I had the idea and the wherewithal to build a site
that had a huge pile of passwords and their various matching MD5 hashes,
crypts using all 26^2 salts, etc.  People could submit passwords (or
request that passwords be removed); I'd initially populate it with
passwords built from rules used in applications like "john."  It would
allow sysadmins SOAP access to see if a password was "insecure" quickly and
easily.  However, the downside to this is that script-kiddies could use
the database to break passwords if they can get their grubby little hands
on it.

I know this is a PHP/MySQL list, but I'd write it in PHP/MySQL so it is sort
of related.  I'd like to hear your thoughts on the pros and cons of such a


On Tue, 24 Jun 2003, JeRRy wrote:

> Marco,
> Thanks, that's what I originally thought that it was
> one way.  So websites that have the option to retrieve
> password don't use md5?
> I guess technically there MUST be a way to break the
> barrier where you can reverse it.  If there is a way
> to make it there is always a way to break it, somehow.
>  !!!!  But what I have heard and read it's very tight
> and probably the best method to handle passwords for
> now, until something new is released.  Which will
> happen when md5 is broken, like everything else after
> a little bit of time.

Peter Beckman                                                  Internet Guy
[EMAIL PROTECTED]                             http://www.purplecow.com/

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
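
A sketch of the lookup service described in the message above, as an added example that is not part of the original post: it precomputes MD5 digests for a small wordlist and shows why the same table cannot match per-user salted PBKDF2 records. The wordlist is constructed, and the mangling rules and all function names are assumptions.

```python
import hashlib
import os

# Constructed sample wordlist; a real audit list would be far larger.
BASE_WORDS = ["password", "letmein", "purple"]


def mangle(word):
    """Yield a few rule-based variants of a word (hypothetical rules)."""
    yield word
    yield word.capitalize()
    yield word + "1"
    yield word[::-1]


def build_md5_table(words):
    """Precompute MD5 hex digests for every variant of every word.

    Only digests are kept: the audit needs membership, not plaintext.
    """
    return {
        hashlib.md5(candidate.encode()).hexdigest()
        for word in words
        for candidate in mangle(word)
    }


def is_listed(stored_hex, table):
    """Audit check: does a stored hash match a known weak password?"""
    return stored_hex.lower() in table


def salted_record(password, salt=None, rounds=100_000):
    """Store a password as (per-user random salt, PBKDF2-HMAC-SHA256 hex)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, digest.hex()


TABLE = build_md5_table(BASE_WORDS)

if __name__ == "__main__":
    unsalted = hashlib.md5(b"Letmein").hexdigest()
    print("unsalted MD5 flagged:", is_listed(unsalted, TABLE))
    _, stored = salted_record("Letmein")
    print("salted PBKDF2 flagged:", is_listed(stored, TABLE))
```

The same weak password is flagged when stored as bare MD5 but not when stored with a random salt, because a precomputed table would need one entry per password per salt.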
