2010/8/24 Bob McConnell <rvm@xxxxxxxxx>: > From: Peter Lind > >> On 24 August 2010 15:43, Gary <php-general@xxxxxxxxxxxxxxx> wrote: >>> Jan G.B. wrote: >>> >>>> The weakness of MD5 is mainly because MD5 collisions are possible. >>>> That means, that different strings can have the same MD5-hash... >>> >>> http://en.wikipedia.org/wiki/MD5#cite_note-1 >> >> It's worth noting that that essentially does not touch upon whether or >> not MD5 can be considered safe or not as a means to store password >> information. The researchers have discovered ways of crafting inputs >> to easily find colliding hashes - they have not discovered any easy >> means to craft an input that will collide with a given hash. > > That's a simple matter of brute force, which can be done once and saved > for instant use later. However, putting a salt into your algorithm > pretty much eliminates the chances of success using that attack. > > Bob McConnell > Thanks.. actually it's quite annoying when you post an answer which tries to explain a subject and people just post a link as response to one citation which somehow lacks relevance on the topic. My intro-sentence was "I'm not a crypto expert". Gary, do you expect me to read the full detail report of Tao Xie and Dengguo Feng? Can you sum it up in two or three sentences? Regards -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
