Still.. that has nothing to do with how well known MD5 is (so I stand by my point). All these databases are is a giant list of pre-MD5'd strings. Brute force stuff, no magic behind it that allows for reversing MD5. You could technically do that with just about any crypto or hashing system. Just happens that MD5 is one that's been focused on and more complicated systems would require exponentially more variables in what you'd have to enter. For instance, you could do this with PGP, but I'm guessing you'd have to have at least two pass phrases and how many things go into generating the public and private keys, plus the message/file that was encrypted. So for one short text string, you could possibly have a database as large as all the MD5 projects put together... but you could potentially do the same thing. At that point it's highly prohibitive though.
I got the idea that MD5 really wasn't what he was looking for anyway, so going into detail about the security of it didn't seem fruitful. I talk too much as it is. hah This is a good point though. MD5 isn't great security, particuarly with the databases like the one you mentioned, but most of us aren't storing national security documents. As with security since the dawn of time, it's all a matter of how valuable is what you're protecting versus the cost of implementing a protection scheme. 7-11 doesn't hire secret service to protect against midnight robberies. -TG = = = Original message = = = [EMAIL PROTECTED] wrote: > So the fact that MD5 is a well known algorithm doesn't really make a > difference > as far as security goes. Except for the fact of the growing number of databases that will map the hashes back to the clear text (for example: http://md5.benramsey.com/) Of course it is nice because it is a common implementation, and can be done on the server side, as well as the client side. ___________________________________________________________ Sent by ePrompter, the premier email notification software. Free download at http://www.ePrompter.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
