> Note that passwords held in $DefaultPasswords and $AuthUser
> are encrypted, so even if someone obtains the encrypted values
> they would still need to break the encryption to learn the
> actual passwords.

I am not sure exactly how the PHP encryption function works, but could getting the encrypted passwords make it possible for someone to run a dictionary attack?

In other words, if you don't use strong passwords, someone just runs their dictionary/generation algorithm through the crypt function and compares the output to the encrypted value?

Ian.

_______________________________________________
pmwiki-users mailing list
[email protected]
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
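The comparison asked about above, written as a defender's audit of configured passwords (an added example, not part of the original message and not PmWiki's own code). The hashes and the candidate list are constructed for the demo, and findWeakPassword is a hypothetical helper name.

```php
<?php
// Constructed stand-ins for config entries; real values would be copied
// from the site's own configuration. Cost 4 only keeps this demo fast.
$DefaultPasswords = [
    'admin' => password_hash('letmein', PASSWORD_BCRYPT, ['cost' => 4]),
    'edit'  => password_hash('r7#Vq9!mZt2&LxWp', PASSWORD_BCRYPT, ['cost' => 4]),
];

// Constructed list of weak candidates; a real audit would use the
// site's own banned-password list.
$weakCandidates = ['password', 'pmwiki', 'letmein', 'secret', '123456'];

/**
 * Return the weak candidate that reproduces $storedHash, or null.
 * crypt() reads the scheme, cost and salt from the stored hash itself,
 * so anyone holding the hash can recompute it for any guess.
 */
function findWeakPassword(string $storedHash, array $candidates): ?string
{
    foreach ($candidates as $candidate) {
        // hash_equals() compares in constant time; the stored hash is
        // passed as the salt argument so the same salt is reused.
        if (hash_equals($storedHash, crypt($candidate, $storedHash))) {
            return $candidate;
        }
    }
    return null;
}

foreach ($DefaultPasswords as $level => $hash) {
    $hit = findWeakPassword($hash, $weakCandidates);
    echo $level, ': ', $hit === null
        ? "no match in weak list\n"
        : "matches weak password '$hit', replace it\n";
}
```

The salt stored in each value does not stop this comparison; it only forces the work to be repeated per hash. The cost of each guess is set by the scheme encoded in the stored value, so a strong password remains the main protection once the encrypted values are exposed.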
