On Tue, 2003-06-24 at 09:36, JeRRy wrote:
> Hi,
>
> Hmmm okay... So if the password was.
> [snip]

There are ways to avoid this. Typically, you can add a random token (or a salt) to the password before you calculate its checksum. This way, two users with the same password will have two different hashes.

However, a brute-force approach as the one suggested is *not* quite as simple and powerful as it looks. Assuming that there are even just 62 valid characters for the password (uppercase+lowercase+digits), to go over passwords as short as five characters you'd have to do 380,204,032 iterations. Add one more digit and you're already up to 19,770,609,664. Sure, these are not insurmountable numbers, but they quickly add up with more and more characters (and I'm not even counting all the possibilities when it comes to making this more secure).

Mt.
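The salting idea from the message above, as an added example that is not part of the original post. It swaps the single checksum for PBKDF2-SHA256 so each guess is also slow; the function names, record layout, iteration count and sample passwords are assumptions made for illustration.

```php
<?php
// Added example: per-user random salt combined with a slow hash.
// make_record(), check_password() and the record layout are hypothetical.

const PBKDF2_ITERATIONS = 600000; // assumed work factor; tune for your hardware

// Build the values you would store in the user's database row.
function make_record(string $password): array
{
    $salt = random_bytes(16); // fresh random salt for every user
    $hash = hash_pbkdf2('sha256', $password, $salt, PBKDF2_ITERATIONS, 32, true);

    return [
        'salt'       => bin2hex($salt), // the salt is stored in the clear
        'iterations' => PBKDF2_ITERATIONS,
        'hash'       => bin2hex($hash),
    ];
}

// Recompute the hash with the stored salt and compare in constant time.
function check_password(string $password, array $record): bool
{
    $actual = hash_pbkdf2(
        'sha256',
        $password,
        hex2bin($record['salt']),
        $record['iterations'],
        32,
        true
    );

    return hash_equals(hex2bin($record['hash']), $actual);
}

// Constructed sample data: two users choose the same password.
$alice = make_record('letmein42');
$bob   = make_record('letmein42');

echo 'alice: ', $alice['salt'], ' ', $alice['hash'], PHP_EOL;
echo 'bob:   ', $bob['salt'], ' ', $bob['hash'], PHP_EOL;
echo 'same stored hash: ';
var_dump(hash_equals($alice['hash'], $bob['hash']));
echo 'correct password verifies: ';
var_dump(check_password('letmein42', $alice));
echo 'wrong password verifies: ';
var_dump(check_password('letmein43', $alice));
```

Because each row has its own salt, a table of precomputed hashes cannot be reused across users, and every candidate password has to be tried separately against every row.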