On Fri, Mar 02, 2007 at 11:28:10AM +0000, Ian Barton wrote: > > > Note that passwords held in $DefaultPasswords and $AuthUser > > are encrypted, so even if someone obtains the encrypted values > > they would still need to break the encryption to learn the > > actual passwords. > > > I am not sure exactly how the PHP encryption function works, but could > getting the encrypted passwords make it possible for someone to run a > dictionary attack. > > In other words if you don't use strong passwords someone just runs their > dictionary/generation algorithm through the crypt function and compares > the output to the encrypted value?
Yes, weak passwords would be subject to a dictionary attack. Pm _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
