Or, like the article suggested, a random portion for the hash... I
agree with you, Micah. The hash collision is a problem, and must be
avoided. Same password hashes for different users are very good
candidates for a dictionary attack. Probably, in most of these cases,
users picked "easy" passwords, like "1234" or "admin".

Cheers

2009/2/9 Micah Gersten <micah@xxxxxxxxxxx>
> onlist this time...
>
> tedd wrote:
> > <snip>
> >
> > I think the MD5() hash is a pretty good way and if the weakness is the
> > user's lack of uniqueness in determining their passwords, then we can
> > focus on that problem instead of looking to another hash. And besides,
> > the solution presented was to create a salt and use that -- that's
> > just another step in the algorithm process not much different than
> > what I propose.
> >
> > Cheers,
> >
> > tedd
>
> The MD5 hash IS the problem. The problem isn't the uniqueness of the
> passwords, but rather the uniqueness of the hash. The solution is to use
> another hash that does not have the same collision issues.
>
> Thank you,
> Micah Gersten
> onShore Networks
> Internal Developer
> http://www.onshore.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php

--
Bruno Fajardo - Desenvolvimento
bruno.fajardo@xxxxxxxxxxxx - www.dinamize.com
Dinamize RS - Porto Alegre-RS - CEP 90420-111
Fones (51) 3027 7158 / 8209 4181 - Fax (51) 3027 7150
Dinamize BA - Lauro de Freitas - Fone 71 3379.7830
Dinamize SC - Joinville - Fone 47 3025.1182
Dinamize DF - Asa Norte - Brasília - Fone 61 3274.1172
Dinamize SP - São Paulo - Fone 11 6824.6250
Dinamize PR - Curitiba - Fone 41 3306.4388
Dinamize RS - Caxias do Sul - Fone 54 3533.4333
Dinamize RJ - Rio de Janeiro - Fone 21 2169.6311
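
The point raised in this message, that identical password hashes for different users stand out in a stored table, shown as an added example that is not part of the original thread. The account names, passwords and the "salt:digest" storage format are constructed for illustration; it compares plain md5(), md5() with a random per-user portion, and PHP's password_hash().

```php
<?php
// Added example (PHP 7.4+). All accounts and passwords below are constructed.
$users = ['alice' => '1234', 'bob' => '1234', 'carol' => 'x7#Lq9!vT2'];

// Group usernames by stored hash; any group larger than one means two
// accounts share a password, visible to anyone who can read the table.
function duplicateHashGroups(array $stored): array
{
    $byHash = [];
    foreach ($stored as $user => $hash) {
        $byHash[$hash][] = $user;
    }
    return array_values(array_filter($byHash, fn($group) => count($group) > 1));
}

// Check a password against a "salt:digest" record (hypothetical storage format).
function verifySaltedMd5(string $password, string $stored): bool
{
    [$salt, $digest] = explode(':', $stored, 2);
    return hash_equals($digest, md5($salt . $password));
}

// 1. Plain md5(): equal passwords always produce equal hashes.
$unsalted = array_map('md5', $users);

// 2. A random portion per user, stored next to the digest.
// 3. password_hash(): picks its own random salt and a deliberately slow algorithm.
$salted = [];
$modern = [];
foreach ($users as $user => $password) {
    $salt = bin2hex(random_bytes(16));
    $salted[$user] = $salt . ':' . md5($salt . $password);
    $modern[$user] = password_hash($password, PASSWORD_DEFAULT);
}

// Audit each scheme for accounts whose stored value is identical.
$schemes = ['md5' => $unsalted, 'salt+md5' => $salted, 'password_hash' => $modern];
foreach ($schemes as $scheme => $stored) {
    printf("%-14s shared-hash groups: %s\n", $scheme, json_encode(duplicateHashGroups($stored)));
}

// Verification still works because the salt is stored with each record.
var_dump(verifySaltedMd5('1234', $salted['bob']));
var_dump(password_verify('1234', $modern['bob']));
var_dump(password_verify('admin', $modern['bob']));
```

duplicateHashGroups() can also be run against an existing credentials table as an audit: any non-empty result means hashes are being stored without a per-user salt.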