Re: md5 question!

On Tue, 2003-06-24 at 09:08, JeRRy wrote:
> I guess technically there MUST be a way to break the
> barrier where you can reverse it.  If there is a way
> to make it there is always a way to break it, somehow.
>  !!!!  But what I have heard and read it's very tight
> and probably the best method to handle passwords for
> now, until something new is released.  Which will
> happen when md5 is broken, like everything else after
> a little bit of time.

Well, that's not necessarily true. Take something as simple as an
integer division. Say that in order to calculate your hash you divide any
number by 3 and discard the remainder. The result '4' could mean that
your original number could be anywhere between 12 and 14, for example,
so that even if you know the method that was used to calculate the hash
you couldn't determine the original password from it. md5 works on a
similar basis, although a bit (but not that much) more complicated. So
you see, it's mathematically impossible to retrieve the original
password starting from the hash... which is a Good Thing(tm) :-)


Marco

--
php|architect -- The Magazine for PHP Professionals
Come try us out at http://www.phparch.com and get a free trial issue

> 
> 
> Jerry
> 
>  --- Marco Tabini <marcot@tabini.ca> wrote:
> > Hi Jerry--
> > 
> > No, md5 is a one-way hash. That's why it's so
> > safe--because if someone
> > steals the information he still can't tell what the
> > passwords are.
> > 
> > You may want to reset the passwords upon your users'
> > request and send it
> > to them via e-mail instead.
> > 
> > Cheers,
> > 
> > 
> > Marco
> > 
> > --
> > php|architect -- The Magazine for PHP Professionals
> > Come try us out at http://www.phparch.com and get a
> > free trial issue
> > 
> > 
> > On Tue, 2003-06-24 at 08:35, JeRRy wrote:
> > > Hi,
> > > 
> > > If I use md5 to handle passwords to my database is
> > > there a way to reverse the action if someone forgets
> > > their password?  Is there a way for me to decode the
> > > 32bit to plain text?
> > > 
> > > Jerry
> > > 
> > -- 
> > 
> > Marco Tabini
> > President
> > 
> > Marco Tabini & Associates, Inc.
> > 28 Bombay Avenue
> > Toronto, ON M3H 1B7
> > Canada
> > 
> > Phone: (416) 630-6202
> > Fax: (416) 630-5057
> > Web: http://www.tabini.ca
> > 
> > 
> > -- 
> > PHP Database Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >  
> 
-- 

Marco Tabini
President

Marco Tabini & Associates, Inc.
28 Bombay Avenue
Toronto, ON M3H 1B7
Canada

Phone: (416) 630-6202
Fax: (416) 630-5057
Web: http://www.tabini.ca


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
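
The divide-by-3 illustration and the reset-by-e-mail advice from this thread, as an added example that is not part of the original messages. The function names and the in-memory `$users` array standing in for the database table are assumptions made for the illustration.

```php
<?php
// Toy hash from the message: integer-divide by 3 and discard the remainder.
function toy_hash(int $n): int
{
    return intdiv($n, 3);
}

// All candidates that produce $hash. More than one result means the hash
// alone cannot tell you which input was the original.
function toy_preimages(int $hash, array $candidates): array
{
    return array_values(array_filter(
        $candidates,
        fn (int $n): bool => toy_hash($n) === $hash
    ));
}

// Login check: hash what the user typed and compare it with the stored
// hash. Nothing is ever decoded. (Hypothetical helper; md5() as in the thread.)
function check_password(array $users, string $name, string $typed): bool
{
    return isset($users[$name]) && hash_equals($users[$name], md5($typed));
}

// Forgotten password: generate a new random one, store only its hash, and
// return the plain text once so it can be e-mailed to the user.
function reset_password(array &$users, string $name): string
{
    $new = bin2hex(random_bytes(8));
    $users[$name] = md5($new);
    return $new;
}

// Several inputs share the toy hash value 4.
print_r(toy_preimages(4, range(0, 20)));

// Constructed sample data standing in for the database table.
$users = ['jerry' => md5('old-secret')];
var_dump(check_password($users, 'jerry', 'old-secret'));  // before the reset
$mailed = reset_password($users, 'jerry');
var_dump(check_password($users, 'jerry', 'old-secret'));  // old password, after the reset
var_dump(check_password($users, 'jerry', $mailed));       // newly issued password
```

In current PHP, `password_hash()` and `password_verify()` take the place of the `md5()` calls for stored passwords; the reset flow stays the same.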

