On Tue, 2003-06-24 at 09:36, JeRRy wrote:
> Hmmm okay... So if the password was.
There are ways to avoid this. Typically, you can add a random token (or
a salt) to the password before you calculate its checksum. This way, two
users with the same password will have two different hashes.
However, a brute-force approach such as the one suggested is *not* quite as
simple and powerful as it looks. Assuming that there are even just 62
valid characters for the password (uppercase+lowercase+digits), to go
over passwords as short as five characters you'd have to do 380,204,032
iterations. Add one more digit and you're already up to 19,770,609,664.
Sure, these are not insurmountable numbers, but they quickly add up with
more and more characters (and I'm not even counting all the
possibilities when it comes to making this more secure).
PHP Database Mailing List (http://www.php.net/)
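The per-user salt described in the reply above, as an added PHP example that is not code from the thread. It goes one step beyond a single salted checksum by running the salted password through PBKDF2, which also raises the cost of each brute-force guess; the function names, the iteration count and the "salt:hash" storage format are assumptions made for illustration.

```php
<?php
// Added illustration, not code from the thread.
// make_record(), check_password() and ITERATIONS are hypothetical names.

const ITERATIONS = 100000; // assumed work factor; tune to your hardware

// Build the string to store in the database: "<salt hex>:<hash hex>".
function make_record(string $password): string
{
    $salt = random_bytes(16); // fresh random salt for every user
    $hash = hash_pbkdf2('sha256', $password, $salt, ITERATIONS, 32, true);
    return bin2hex($salt) . ':' . bin2hex($hash);
}

// Recompute the hash with the stored salt and compare in constant time.
function check_password(string $password, string $record): bool
{
    $parts = explode(':', $record, 2);
    if (count($parts) !== 2) {
        return false; // malformed record
    }
    foreach ($parts as $hex) {
        // Reject anything that is not well-formed hex before decoding.
        if ($hex === '' || strlen($hex) % 2 !== 0 || !ctype_xdigit($hex)) {
            return false;
        }
    }
    $salt     = hex2bin($parts[0]);
    $expected = hex2bin($parts[1]);
    $actual   = hash_pbkdf2('sha256', $password, $salt, ITERATIONS,
                            strlen($expected), true);
    return hash_equals($expected, $actual);
}

$pw = 'letmein'; // constructed sample password shared by two users

// Unsalted checksum: both users end up with the same stored value.
var_dump(md5($pw) === md5($pw));

// Salted records: compare what gets stored for the same password.
$alice = make_record($pw);
$bob   = make_record($pw);
var_dump($alice === $bob);

// Verification still works because the salt is stored beside the hash.
var_dump(check_password($pw, $alice));
var_dump(check_password('wrong-guess', $alice));
```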