Speaking of MD5 hashes, I had the idea and the wherewithal to build a site that had a huge pile of passwords and their various matching MD5 hashes, crypts using all 26^2 salts, etc. People could submit passwords (or request that passwords be removed); I'd initially populate it with passwords built from rules used in applications like "john." It would allow sysadmins SOAP access to see if a password was "insecure" quickly and easily. However, the down side to this is that script-kiddies could use the database to break passwords if they can get their grubby little hands on it. I know this is PHP/MySQL list, but I'd write it in PHP/MySQL so it is sort of related. I'd like to hear your thoughts on the pros and cons of such a database. Beckman On Tue, 24 Jun 2003, [iso-8859-1] JeRRy wrote: > Marco, > > Thanks, that's what I originally thought that it was > one way. So websites that have the option to retrieve > password don't use md5? > > I guess technically there MUST be a way to break the > barrier where you can reverse it. If there is a way > to make it there is always a way to break it, somehow. > !!!! But what I have heard and read it's very tight > and probably the best method to handle passwords for > now, until something new is released. Which will > happen when md5 is broken, like everything else after > a little bit of time. --------------------------------------------------------------------------- Peter Beckman Internet Guy beckman@purplecow.com http://www.purplecow.com/ --------------------------------------------------------------------------- -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
