On Wed, 14 Aug 2002, Robert Parker wrote:

>-On Tuesday 13 August 2002 12:20 pm, you wrote:
>-> Makes sense, except if you use upper and lowercase characters,
>-> numbers, and symbols (as you should for secure passwords). I
>-> would think that with these kinds of passwords, storing the sheer
>-> number of possibilities would get slightly large. And I mean even
>-> if it is easy to break, it's more secure than storing them in clear
>-> text.
>-> Adam Voigt
>-Thing that really scares me about MD5 being used anywhere that's easily
>-accessible is what happens if 'pussycat' maps on to the same hash as 
>-'H&3ph!3s09Zw'. The crackers don't need the original password, just something
>-that generates the same hash.

Sure, this is possible and, I agree, a concern.  With MD5 there is some
mathematically small chance this will happen.  With SHA even smaller.
However, where do we draw the line?

I suppose requiring users to use long passphrases instead of passwords and
MD5 that result would help with this issue.

>-Bob Parker
John Huggins
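
The two quantities argued over in this thread, worked through as an added example that is not part of the original messages: how large a precomputed table of MD5 hashes gets as the character set grows, and how likely it is that some other password happens to hash to the same value as a given one. The function names are made up for this example, and the probability bound assumes MD5 output behaves like a uniform random 128-bit value.

```python
import string
from fractions import Fraction

MD5_BITS = 128          # MD5 digest size in bits
MD5_DIGEST_BYTES = 16   # same size in bytes

LOWER = string.ascii_lowercase                                   # 26 symbols
FULL = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def table_bytes(alphabet_size, length):
    """Bytes to store one (password, digest) pair for every password of
    exactly `length` characters over an alphabet of `alphabet_size`."""
    return alphabet_size ** length * (length + MD5_DIGEST_BYTES)


def accidental_match_bound(guesses, bits=MD5_BITS):
    """Upper bound (union bound) on the chance that at least one of
    `guesses` distinct wrong passwords hashes to one fixed target digest.
    Assumption: the hash output is uniformly random over 2**bits values."""
    return min(Fraction(1), Fraction(guesses, 2 ** bits))


def human(nbytes):
    """Format a byte count with decimal units."""
    for unit in ("B", "kB", "MB", "GB", "TB", "PB", "EB"):
        if nbytes < 1000:
            return f"{nbytes:.1f} {unit}"
        nbytes /= 1000
    return f"{nbytes:.1f} ZB"


if __name__ == "__main__":
    for name, alphabet in (("lowercase", LOWER), ("upper/lower/digits/symbols", FULL)):
        for length in (6, 8, 12):
            size = table_bytes(len(alphabet), length)
            print(f"{name:28s} length {length:2d}: {human(size)}")

    # A 'pussycat'-style dictionary of a billion guesses against one stored hash
    bound = accidental_match_bound(10 ** 9)
    print(f"chance a billion guesses hit the target by accident <= {float(bound):.2e}")
```
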



