On Tuesday 13 August 2002 10:57 am, you wrote:
> MD5 encryption of passwords is secure since you do not need to decrypt the
> password ever (in fact you can't). You just encrypt the password that the
> user entered and check if the MD5 of each password is the same, then the
> user most likely entered the correct password.

I don't remember where I read this but it only takes the crackers about 1-2 seconds to crack your average MD5 encrypted password. This is quite logical because all they had to do is make a database of all of the MD5 sums of all the passwords in the various dictionaries.

The only Linux distro in my (limited) experience that gave the option of MD5 encryption of passwords was Debian 2. Even then you had the option of shadow password files instead. Debian 2 is quite old. Later distros such as Mandrake 8.0 and up simply use shadow password files without other option.

Regards
Bob Parker

--
PHP General Mailing List (http://www.php.net/)
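
The precomputed-table lookup mentioned in the reply, set beside a per-user salted, iterated hash, as an added example that is not part of the original thread. The wordlist is constructed, and the function names and the PBKDF2 iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist standing in for "the various dictionaries".
WORDLIST = ["password", "letmein", "dragon", "qwerty"]


def md5_hex(password):
    """Unsalted MD5 of a password, as in the scheme under discussion."""
    return hashlib.md5(password.encode()).hexdigest()


def build_lookup(words):
    """Precompute MD5 -> word once; the table is reusable for every account."""
    return {md5_hex(w): w for w in words}


def hash_password(password, salt=None, iterations=200_000):
    """Salted, deliberately slow hash (PBKDF2-HMAC-SHA256).

    The iteration count is an assumed value for this example.
    """
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify_password(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, expected = record
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(digest, expected)


def demo():
    table = build_lookup(WORDLIST)
    # Two accounts with the same password store the same unsalted MD5,
    # so a single table lookup resolves both.
    md5_a, md5_b = md5_hex("letmein"), md5_hex("letmein")
    # With a per-user salt the stored values differ, so no table built
    # ahead of time can be keyed on them.
    rec_a, rec_b = hash_password("letmein"), hash_password("letmein")
    return {
        "md5_identical": md5_a == md5_b,
        "md5_lookup": table.get(md5_a),
        "salted_identical": rec_a[2] == rec_b[2],
        "verifies": verify_password("letmein", rec_a),
        "rejects_wrong": not verify_password("dragon", rec_a),
    }
```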