On 9/5/06, tedd <[EMAIL PROTECTED]> wrote:
At 4:48 PM +0200 9/5/06, Satyam wrote:
It's my understanding that while MD5 has cannot be decrypted some
encryption can be cracked by matching matching results. They don't
have to work the code backwards.
For example, if I MD5 "apple" -- it will produces a corresponding
code (1f3870be274f6c49b3e31a0c6728957f). If a cracker has a library
of dictionary hash codes, it's a simple matter to compare all those
hash codes with my code to find a corresponding match, thus exposing
"apple" as the encrypted word.
That's one of the reasons why one shouldn't use a real word as a password.
If you are going to validate a e-mail address and a password i think
that is a better approach to generate the following hash:
$hash = md5($email . $password)
In this case, there is no way to get the clear password if you know
hash and have a database of hash codes.
--
Saludos
Oscar
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
