On 9/5/06, tedd <tedd@xxxxxxxxxxxx> wrote:
At 4:48 PM +0200 9/5/06, Satyam wrote:

It's my understanding that while MD5 cannot be decrypted, some encryption can be cracked by matching results. They don't have to work the code backwards. For example, if I MD5 "apple" -- it will produce a corresponding code (1f3870be274f6c49b3e31a0c6728957f). If a cracker has a library of dictionary hash codes, it's a simple matter to compare all those hash codes with my code to find a corresponding match, thus exposing "apple" as the encrypted word. That's one of the reasons why one shouldn't use a real word as a password.

If you are going to validate an e-mail address and a password, I think that it is a better approach to generate the following hash:

    $hash = md5($email . $password);

In this case, there is no way to get the clear password if you know the hash and have a database of hash codes.

--
Regards,
Oscar

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
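
Added example, not code from the thread: it stores the password "apple" from the messages above in three ways, plain md5(), md5($email . $password) and PHP's password_hash(), and checks each against a small word list. The e-mail address, the word list and the function names are constructed for the illustration.

```php
<?php
// Constructed sample data (assumptions, not from the thread).
$wordlist = ['banana', 'apple', 'cherry'];
$email    = 'user@example.com';
$password = 'apple';

// 1. Unsalted md5(): a table built once from the word list applies to
//    every account, because equal passwords give equal hashes.
function build_table(array $wordlist): array {
    $table = [];
    foreach ($wordlist as $w) {
        $table[md5($w)] = $w;
    }
    return $table;
}
function lookup_precomputed(array $table, string $hash): ?string {
    return $table[$hash] ?? null;
}

// 2. md5($email . $password): the e-mail acts as a per-user salt, so the
//    shared table no longer matches. The e-mail is stored beside the hash,
//    though, so each word can still be re-hashed with it at MD5 speed.
function check_with_known_email(array $wordlist, string $email, string $hash): ?string {
    foreach ($wordlist as $w) {
        if (hash_equals($hash, md5($email . $w))) {
            return $w;
        }
    }
    return null;
}

// 3. Hardened form: password_hash() adds a random salt and a tunable work
//    factor; password_verify() reads both back from the stored string.
function store_password(string $password): string {
    return password_hash($password, PASSWORD_DEFAULT);
}
function verify_login(string $password, string $stored): bool {
    return password_verify($password, $stored);
}

$table  = build_table($wordlist);
$plain  = md5($password);
$salted = md5($email . $password);
$stored = store_password($password);

var_dump(lookup_precomputed($table, $plain));                 // shared table vs. plain md5()
var_dump(lookup_precomputed($table, $salted));                // shared table vs. e-mail-salted md5()
var_dump(check_with_known_email($wordlist, $email, $salted)); // per-account re-hash with the e-mail
var_dump(verify_login('apple', $stored), verify_login('banana', $stored));
```

The third form costs a configurable amount of work per check, which is the property the two md5() variants lack; the stored string from password_hash() differs on every call even for the same password.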