On Wed, 14 Aug 2002, Robert Parker wrote: >-On Tuesday 13 August 2002 12:20 pm, you wrote: >-> Makes sense, except if you use upper and lowercase characters, >-> numbers, and symbols (as you should for secure passwords). I >-> would think that with these kind of passwords, storing the sheer >-> number of posibilites would get slightly large. And I mean even >-> if it is easy to break, it's more secure then storing them clear >-> text. >-> >-> Adam Voigt >-> [EMAIL PROTECTED] >- >-Thing that really scares me about MD5 being used anywhere that's easily >-accessible is what happens if 'pussycat' maps on to the same hash as >-'H&3ph!3s09Zw'. The crackers don't need the original password just something >-that generates the same hash. >- >-Bob Parker
Whoa, I thought Bob was saying he found two strings that generate the same hash. md5(pussycat) = fd316a211a7178c6fbf09c4c2ac6fa05 md5(H&3ph!3s09Zw) = 4172a5caff5b7878144c8aae11f3de17 Guess not. WHEW! ************************************** John Huggins VANet [EMAIL PROTECTED] http://www.va.net/ ************************************** -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
