On Wed, 14 Aug 2002, Robert Parker wrote:

>-On Tuesday 13 August 2002 12:20 pm, you wrote:
>-> Makes sense, except if you use upper and lowercase characters,
>-> numbers, and symbols (as you should for secure passwords). I
>-> would think that with these kind of passwords, storing the sheer
>-> number of posibilites would get slightly large. And I mean even
>-> if it is easy to break, it's more secure then storing them clear
>-> text.
>-> Adam Voigt
>-Thing that really scares me about MD5 being used anywhere that's easily
>-accessible is what happens if 'pussycat' maps on to the same hash as 
>-'H&3ph!3s09Zw'. The crackers don't need the original password just something 
>-that generates the same hash.
>-Bob Parker

Whoa, I thought Bob was saying he found two strings that generate the same

md5(pussycat) = fd316a211a7178c6fbf09c4c2ac6fa05
md5(H&3ph!3s09Zw) = 4172a5caff5b7878144c8aae11f3de17

Guess not.  WHEW!


John Huggins



PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to