I didn't mean to contradict anyone, I just meant to make sure that Peter
knew that in this case it didn't matter.
Satyam
----- Original Message -----
From: "tedd" <tedd@xxxxxxxxxxxx>
To: <php-general@xxxxxxxxxxxxx>
Sent: Tuesday, September 05, 2006 6:18 PM
Subject: Re: Is this unsecure?
At 4:48 PM +0200 9/5/06, Satyam wrote:
It doesn't matter that MD5 is not secure or that it can be decripted
(which, in fact, it cannot, since it is a one-way code),
Not that you said otherwise.
It's my understanding that while MD5 has cannot be decrypted some
encryption can be cracked by matching matching results. They don't have to
work the code backwards.
For example, if I MD5 "apple" -- it will produces a corresponding code
(1f3870be274f6c49b3e31a0c6728957f). If a cracker has a library of
dictionary hash codes, it's a simple matter to compare all those hash
codes with my code to find a corresponding match, thus exposing "apple" as
the encrypted word.
That's one of the reasons why one shouldn't use a real word as a password.
tedd
PS: I wish my server had php5 for several reasons, including the crack
functions -- fascinating
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
