On Wed, 14 Aug 2002, Robert Parker wrote:

>-On Tuesday 13 August 2002 12:20 pm, you wrote:
>-> Makes sense, except if you use upper and lowercase characters,
>-> numbers, and symbols (as you should for secure passwords). I
>-> would think that with these kinds of passwords, storing the sheer
>-> number of possibilities would get slightly large. And I mean even
>-> if it is easy to break, it's more secure than storing them clear
>-> text.
>->
>-> Adam Voigt
>-> [EMAIL PROTECTED]
>-
>-Thing that really scares me about MD5 being used anywhere that's easily
>-accessible is what happens if 'pussycat' maps on to the same hash as
>-'H&3ph!3s09Zw'. The crackers don't need the original password just something
>-that generates the same hash.

Sure this is possible and I agree it is a concern. With MD5 there is some
mathematically small chance this will happen. With SHA even smaller.
However, where do we draw the line? I suppose requiring users to use long
passphrases instead of passwords and MD5 that result would help with this
issue.

>-
>-Bob Parker
>-
>---
>-PHP General Mailing List (http://www.php.net/)
>-To unsubscribe, visit: http://www.php.net/unsub.php
>-

**************************************
John Huggins
VANet
[EMAIL PROTECTED]
http://www.va.net/
**************************************
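
An added example, not part of the original thread: the Python sketch below puts a number on the "mathematically small chance" by searching for a different string that matches a password's MD5 digest when only the top few bits are compared, then scaling the cost to the full 128 bits. The truncation, the constructed `guessN` candidates and the rate of 10^12 guesses per second are assumptions made for illustration.

```python
import hashlib
from itertools import count

def truncated_md5(data: bytes, bits: int) -> int:
    """Return the top `bits` bits of the MD5 digest as an integer."""
    digest = int.from_bytes(hashlib.md5(data).digest(), "big")
    return digest >> (128 - bits)

def find_substitute(password: str, bits: int):
    """Find a different string whose truncated digest equals the password's.

    Candidates are constructed strings ("guess1", "guess2", ...).
    Returns (candidate, attempts).
    """
    target = truncated_md5(password.encode(), bits)
    for attempts in count(1):
        candidate = f"guess{attempts}"
        if candidate != password and truncated_md5(candidate.encode(), bits) == target:
            return candidate, attempts

def expected_attempts(bits: int) -> int:
    """Average number of guesses needed to match a `bits`-bit digest."""
    return 2 ** bits

def years_for_full_md5(guesses_per_second: float) -> float:
    """Years to make 2**128 guesses at the given (assumed) rate."""
    seconds_per_year = 365.25 * 24 * 3600
    return expected_attempts(128) / guesses_per_second / seconds_per_year

if __name__ == "__main__":
    password = "H&3ph!3s09Zw"  # the strong password quoted in the thread
    for bits in (8, 12, 16):
        candidate, attempts = find_substitute(password, bits)
        print(f"{bits:2d} bits: {candidate!r} matches after {attempts} guesses "
              f"(expected about {expected_attempts(bits)})")
    # Every extra bit doubles the work; at 128 bits the search is out of reach.
    print(f"128 bits at 1e12 guesses/s: {years_for_full_md5(1e12):.2e} years")
```

The work doubles with every bit compared, so a substitute for one specific full MD5 digest is far harder to find than the original password is to guess from a dictionary, which is why the length and unpredictability of the password itself matter more here.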