Re: Re[2]: [PHP] Credit Card suggestions

2002-08-13 Thread Robert Parker

On Tuesday 13 August 2002 10:57 am, you wrote:
> MD5 encryption of passwords is secure since you do not need to decrypt the
> password ever (in fact you can't).  You just encrypt the password that the
> user entered and check if the MD5 of each password is the same, then the
> user most likely entered the correct password.

I don't remember where I read this but it only takes the crackers about 1 - 2 
seconds to crack your average MD5 encrypted password. This is quite logical
because all they had to do is make a database of all of the MD5 sums of all 
the passwords in the various dictionaries.
The only Linux distro in my (limited) experience that gave the option of MD5 
encryption of passwords was Debian 2. Even then you had the option of shadow 
password files instead. Debian 2 is quite old. Later distros such as Mandrake 
8.0 and up simply use shadow password files without any other option.

Regards
Bob Parker

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
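
The precomputed-dictionary point raised in the message above, as an added example that is not part of the original thread: an unsalted MD5 of a dictionary word is found by a single array lookup, while a salted, deliberately slow hash stores a different value for every user. The word list and user records are constructed sample data; `password_hash()` and `password_verify()` are PHP built-ins that arrived in PHP 5.5, well after this thread was written.

```php
<?php
// Constructed sample data: a tiny word list standing in for the
// "database of all of the MD5 sums" described in the message above.
$dictionary = ['pussycat', 'letmein', 'password', 'qwerty'];

// Built once, reusable against every site that stores unsalted MD5.
$table = [];
foreach ($dictionary as $word) {
    $table[md5($word)] = $word;
}

// Constructed user records: two users share a dictionary word,
// one uses a mixed-character password.
$users = [
    'alice' => 'pussycat',
    'bob'   => 'pussycat',
    'carol' => 'H3ph!3s09Zw',
];

echo "Unsalted MD5 as stored by the application:\n";
foreach ($users as $name => $password) {
    $stored = md5($password);
    // Identical passwords give identical hashes, so one table entry
    // exposes every account that chose that word.
    $found = $table[$stored] ?? '(not in table)';
    printf("  %-5s %s -> %s\n", $name, $stored, $found);
}

echo "\nSalted, slow hash via password_hash():\n";
$hashes = [];
foreach ($users as $name => $password) {
    // A random salt and a cost factor are embedded in the output string,
    // so a table precomputed from bare words cannot be matched against it.
    $hashes[$name] = password_hash($password, PASSWORD_DEFAULT);
    printf("  %-5s %s\n", $name, $hashes[$name]);
}

// Same password, different salts: compare the two stored strings.
echo "\nalice and bob store the same string: ";
var_dump($hashes['alice'] === $hashes['bob']);

// Login check: password_verify() reads the salt and cost from the
// stored string and compares in constant time.
echo "correct password verifies: ";
var_dump(password_verify('pussycat', $hashes['alice']));
echo "wrong password verifies: ";
var_dump(password_verify('letmein', $hashes['alice']));
```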




Re: Re[2]: [PHP] Credit Card suggestions

2002-08-13 Thread Robert Parker

On Tuesday 13 August 2002 12:20 pm, you wrote:
> Makes sense, except if you use upper and lowercase characters,
> numbers, and symbols (as you should for secure passwords). I
> would think that with these kinds of passwords, storing the sheer
> number of possibilities would get slightly large. And I mean even
> if it is easy to break, it's more secure than storing them clear
> text.
>
> Adam Voigt
> [EMAIL PROTECTED]

The thing that really scares me about MD5 being used anywhere that's easily
accessible is what happens if 'pussycat' maps on to the same hash as 
'H3ph!3s09Zw'. The crackers don't need the original password, just something 
that generates the same hash.

Bob Parker
