Doesn't md5 generate a 128 bit binary number???

That means there are 3.4028236692093846346337460743177e+38 possible
combinations which can be generated. So surely the odds of 2 strings
producing the same md5 code are 1 in

Having said that, I guess dictionary based attacks could break in fairly
easily. That's why I always make my users have numbers and mixed case in
their passwords. 

-----Original Message-----
From: John S. Huggins [mailto:[EMAIL PROTECTED]] 
Sent: 13 August 2002 17:48
To: Robert Parker
Subject: Re: Re[2]: [PHP] Credit Card suggestions

On Wed, 14 Aug 2002, Robert Parker wrote:

>-On Tuesday 13 August 2002 12:20 pm, you wrote:
>-> Makes sense, except if you use upper and lowercase characters,
>-> numbers, and symbols (as you should for secure passwords). I would
>-> think that with these kinds of passwords, storing the sheer number of
>-> possibilities would get slightly large. And I mean even if it is easy
>-> to break, it's more secure than storing them clear text.
>-> Adam Voigt
>-Thing that really scares me about MD5 being used anywhere that's easily
>-accessible is what happens if 'pussycat' maps on to the same hash as
>-'H&3ph!3s09Zw'. The crackers don't need the original password just something
>-that generates the same hash.

Sure, this is possible and I agree it is a concern.  With MD5 there is some
mathematically small chance this will happen.  With SHA even smaller.
However, where do we draw the line?

I suppose requiring users to use long passphrases instead of passwords
and MD5 that result would help with this issue.

>-Bob Parker
>-PHP General Mailing List (
>-To unsubscribe, visit:


John Huggins



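Added example, not part of the original messages: the odds debated in this thread, worked through in Python for a 128-bit digest. It assumes the hash output behaves like a uniformly random value, which says nothing about deliberately constructed collisions; the function names and the one-billion figure are illustrative.

```python
import math

HASH_BITS = 128  # MD5 digest size discussed in the thread


def accidental_match_probability(guesses, bits=HASH_BITS):
    """Chance that at least one of `guesses` wrong inputs hashes to one
    specific stored digest: 1 - (1 - 2**-bits)**guesses."""
    # log1p/expm1 keep precision; the naive float form rounds to exactly 0.0.
    return -math.expm1(guesses * math.log1p(-(2.0 ** -bits)))


def birthday_collision_probability(n, bits=HASH_BITS):
    """Chance that any two of n distinct inputs share a digest
    (birthday approximation 1 - exp(-n(n-1) / 2**(bits+1)))."""
    return -math.expm1(-n * (n - 1) / 2.0 ** (bits + 1))


def inputs_for_even_odds(bits=HASH_BITS):
    """Number of distinct inputs at which a collision somewhere in the
    set becomes a coin flip: sqrt(2 ln 2) * 2**(bits/2)."""
    return math.sqrt(2 * math.log(2)) * 2.0 ** (bits / 2)


if __name__ == "__main__":
    billion = 10 ** 9  # constructed figure: guesses tried, or hashes stored
    print("possible digests:                 %.4e" % 2.0 ** HASH_BITS)
    print("1e9 guesses hit one given hash:   %.3e"
          % accidental_match_probability(billion))
    print("any clash among 1e9 stored hashes: %.3e"
          % birthday_collision_probability(billion))
    print("inputs needed for 50%% clash odds: %.3e" % inputs_for_even_odds())
```

Under this model a chance match such as 'pussycat' landing on the hash of 'H&3ph!3s09Zw' is many orders of magnitude less likely than a user simply choosing a dictionary word, which is why the dictionary concern raised in the reply dominates in practice.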