This is waaay over my head, but if any of you are interested:

http://www.faqs.org/rfcs/rfc1321

I just read it and have come to the conclusion that MD5 is a small, British sports car ;^)

Rich

> -----Original Message-----
> From: Marco Tabini [mailto:marcot@tabini.ca]
> Sent: Tuesday, June 24, 2003 9:30 AM
> To: JeRRy
> Cc: php-db@lists.php.net
> Subject: Re: md5 question!
>
> On Tue, 2003-06-24 at 09:08, JeRRy wrote:
> > I guess technically there MUST be a way to break the
> > barrier where you can reverse it. If there is a way
> > to make it there is always a way to break it, somehow.
> > !!!! But what I have heard and read it's very tight
> > and probably the best method to handle passwords for
> > now, until something new is released. Which will
> > happen when md5 is broken, like everything else after
> > a little bit of time.
>
> Well, that's not necessarily true. Take something as simple as an
> integer division. Say that in order to calculate your hash you divide any
> number by 3 and discard the remainder. The result '4' could mean that
> your original number could be anywhere between 12 and 14, for example,
> so that even if you know that method that was used to calculate the hash
> you couldn't determine the original password from it. md5 works on a
> similar basis, although a bit (but not that much) more complicated. So
> you see, it's mathematically impossible to retrieve the original
> password starting from the hash... which is a Good Thing(tm) :-)
>
> Marco
>
> --
> php|architect -- The Magazine for PHP Professionals
> Come try us out at http://www.phparch.com and get a free trial issue
>
> > Jerry
> >
> > --- Marco Tabini <marcot@tabini.ca> wrote:
> > > Hi Jerry--
> > >
> > > No, md5 is a one-way hash. That's why it's so
> > > safe--because if someone
> > > steals the information he still can't tell what the
> > > passwords are.
> > >
> > > You may want to reset the passwords upon your users'
> > > request and send it
> > > to them via e-mail instead.
> > >
> > > Cheers,
> > >
> > > Marco
> > >
> > > On Tue, 2003-06-24 at 08:35, JeRRy wrote:
> > > > Hi,
> > > >
> > > > If I use md5 to handle passwords to my database is
> > > > there a way to reverse the action if someone forgets
> > > > their password? Is there a way for me to decode the
> > > > 32bit to plain text?
> > > >
> > > > Jerry
> > >
> > > --
> > > Marco Tabini
> > > President
> > >
> > > Marco Tabini & Associates, Inc.
> > > 28 Bombay Avenue
> > > Toronto, ON M3H 1B7
> > > Canada
> > >
> > > Phone: (416) 630-6202
> > > Fax: (416) 630-5057
> > > Web: http://www.tabini.ca
> > >
> > > --
> > > PHP Database Mailing List (http://www.php.net/)
> > > To unsubscribe, visit: http://www.php.net/unsub.php
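
The scheme discussed in this thread, as an added example that is not part of the original messages: store only a hash, check a login by hashing the attempt, and handle a forgotten password by resetting it rather than decoding it. Assumptions: PHP 7.1 or later; PHP's `password_hash()` (salted and deliberately slow) stands in for the bare `md5()` of the thread; an e-mailed one-time token stands in for the e-mailed new password; the function names and the `$db` array are hypothetical.

```php
<?php
// Added example, not code from the thread. $db is a hypothetical in-memory
// stand-in for the users table; all sample values are constructed.

// Marco's toy hash: dividing by 3 and discarding the remainder maps 12, 13
// and 14 to the same value, so the output alone cannot identify the input.
function toy_hash(int $n): int {
    return intdiv($n, 3);
}

// Store only a salted, slow hash of the password, never the password itself.
function register(array &$db, string $user, string $password): void {
    $db[$user] = ['pw' => password_hash($password, PASSWORD_DEFAULT), 'reset' => null];
}

// Login never decodes anything: it hashes the candidate and compares.
function login(array $db, string $user, string $password): bool {
    return isset($db[$user]) && password_verify($password, $db[$user]['pw']);
}

// Forgotten password: issue a random one-time token (to be e-mailed) and
// keep only its SHA-256 digest and an expiry time in the database.
function start_reset(array &$db, string $user): ?string {
    if (!isset($db[$user])) {
        return null;
    }
    $token = bin2hex(random_bytes(16));
    $db[$user]['reset'] = ['digest' => hash('sha256', $token), 'expires' => time() + 3600];
    return $token;
}

// Check expiry, compare digests in constant time, then replace the stored
// hash and clear the token so it cannot be used a second time.
function finish_reset(array &$db, string $user, string $token, string $new): bool {
    $r = $db[$user]['reset'] ?? null;
    if ($r === null || time() > $r['expires']
        || !hash_equals($r['digest'], hash('sha256', $token))) {
        return false;
    }
    $db[$user] = ['pw' => password_hash($new, PASSWORD_DEFAULT), 'reset' => null];
    return true;
}

$db = [];
register($db, 'jerry', 'constructed-old-password');
var_dump(toy_hash(12) === toy_hash(14));                    // different inputs, same toy hash
$token = start_reset($db, 'jerry');
var_dump(finish_reset($db, 'jerry', $token, 'constructed-new-password'));
var_dump(login($db, 'jerry', 'constructed-old-password'));  // old password after the reset
var_dump(finish_reset($db, 'jerry', $token, 'x'));          // replaying the used token
```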