Re: Is this unsecure?

At 12:10 PM -0500 9/5/06, Oscar Gosdinski wrote:
On 9/5/06, tedd <tedd@xxxxxxxxxxxx> wrote:
At 4:48 PM +0200 9/5/06, Satyam wrote:
It's my understanding that while MD5 cannot be decrypted, some
encryption can be cracked by matching results. They don't
have to work the code backwards.

For example, if I MD5 "apple" -- it will produce a corresponding
code (1f3870be274f6c49b3e31a0c6728957f). If a cracker has a library
of dictionary hash codes, it's a simple matter to compare all those
hash codes with my code to find a corresponding match, thus exposing
"apple" as the encrypted word.

That's one of the reasons why one shouldn't use a real word as a password.

If you are going to validate an e-mail address and a password, I think
that it is a better approach to generate the following hash:
$hash = md5($email . $password)

In this case, there is no way to get the clear password if you know
the hash and have a database of hash codes.

Yes, and there are lots of different techniques shown in the comments under function MD5 in the PHP manual.

http://us3.php.net/manual/en/function.md5.php

I think it pays off in terms of security to consider adding additional characters to passwords.

tedd
--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
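
The two schemes discussed in this thread, side by side, as an added example that is not part of the original messages: a precomputed table of dictionary hashes matched against `md5($password)` and against `md5($email . $password)`. It goes one step beyond the thread by re-hashing the word list with the stored e-mail for a single account and by showing PHP's `password_hash()` / `password_verify()` as the hardened form. The word list, the e-mail address and the function names `lookup` and `guessForAccount` are constructed for illustration.

```php
<?php
// Added example, not code from the thread. All sample values are constructed.

$dictionary = ['apple', 'banana', 'cherry', 'orange'];   // constructed word list

// Precomputed table: md5(word) => word, built once and reusable
// against any number of stored hashes.
$table = [];
foreach ($dictionary as $word) {
    $table[md5($word)] = $word;
}

// Hypothetical helper: return the word for a hash, or null if it is not in the table.
function lookup(array $table, string $hash): ?string
{
    return $table[$hash] ?? null;
}

// Hypothetical helper: re-hash the word list with one account's e-mail as prefix.
// The e-mail is stored beside the hash, so it is not a secret input.
function guessForAccount(array $words, string $email, string $hash): ?string
{
    foreach ($words as $w) {
        if (hash_equals($hash, md5($email . $w))) {
            return $w;
        }
    }
    return null;
}

$email    = 'user@example.com';        // constructed
$password = 'apple';

$plain  = md5($password);              // the case tedd describes
$salted = md5($email . $password);     // the scheme Oscar suggests

// The plain hash is a key in the generic table; the e-mail-prefixed one is not.
var_dump(lookup($table, $plain));
var_dump(lookup($table, $salted));

// The prefix only forces the work to be redone per account; MD5 is fast
// enough that a dictionary word is still found this way.
var_dump(guessForAccount($dictionary, $email, $salted));

// Hardened form: a random per-password salt and a deliberately slow
// algorithm, both handled by PHP's built-in password API.
$stored = password_hash($password, PASSWORD_DEFAULT);
var_dump(password_verify('apple', $stored));
var_dump(password_verify('apples', $stored));
```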

