True, and there's always the MCRYPT library. Adam Voigt [EMAIL PROTECTED]
On Tue, 2002-08-13 at 12:48, John S. Huggins wrote: > On Wed, 14 Aug 2002, Robert Parker wrote: > > >-On Tuesday 13 August 2002 12:20 pm, you wrote: > >-> Makes sense, except if you use upper and lowercase characters, > >-> numbers, and symbols (as you should for secure passwords). I > >-> would think that with these kind of passwords, storing the sheer > >-> number of posibilites would get slightly large. And I mean even > >-> if it is easy to break, it's more secure then storing them clear > >-> text. > >-> > >-> Adam Voigt > >-> [EMAIL PROTECTED] > >- > >-Thing that really scares me about MD5 being used anywhere that's easily > >-accessible is what happens if 'pussycat' maps on to the same hash as > >-'H&3ph!3s09Zw'. The crackers don't need the original password just something > >-that generates the same hash. > > Sure this is possible and I agree a concern. With MD5 there is some > mathematically small chance this will happen. With SHA even smaller. > However, where do we draw the line? > > I suppose requiring users to use long passphrases instead of passwords and > MD5 that result would help with this issue. > > >- > >-Bob Parker > >- > >--- > >-PHP General Mailing List (http://www.php.net/) > >-To unsubscribe, visit: http://www.php.net/unsub.php > >- > > ************************************** > > John Huggins > VANet > > [EMAIL PROTECTED] > http://www.va.net/ > > ************************************** > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php