[EMAIL PROTECTED] wrote:
Still.. that has nothing to do with how well known MD5 is (so I stand by my point).
Was not trying to refute your point. Just pointing something out with
regards to the "security" of MD5 hashes, and what being "well known" or
at least popular does for you. What you say is true...and at the end of
the day locks only keep honest people out...
(but something like this could be a decent way to check for strength of
passwords..)
-B
All these databases are is a giant list of pre-MD5'd strings. Brute force
stuff, no magic behind it that allows for reversing MD5. You could technically
do that with just about any crypto or hashing system. Just happens that MD5 is
one that's been focused on and more complicated systems would require
exponentially more variables in what you'd have to enter. For instance, you
could do this with PGP, but I'm guessing you'd have to have at least two pass
phrases and how many things go into generating the public and private keys,
plus the message/file that was encrypted. So for one short text string, you
could possibly have a database as large as all the MD5 projects put together...
but you could potentially do the same thing. At that point it's highly
prohibitive though.
I got the idea that MD5 really wasn't what he was looking for anyway, so going
into detail about the security of it didn't seem fruitful. I talk too much as
it is. hah
This is a good point though. MD5 isn't great security, particuarly with the
databases like the one you mentioned, but most of us aren't storing national
security documents. As with security since the dawn of time, it's all a
matter of how valuable is what you're protecting versus the cost of
implementing a protection scheme. 7-11 doesn't hire secret service to protect
against midnight robberies.
-TG
= = = Original message = = =
[EMAIL PROTECTED] wrote:
So the fact that MD5 is a well known algorithm doesn't really make a difference
as far as security goes.
Except for the fact of the growing number of databases that will map the
hashes back to the clear text (for example: http://md5.benramsey.com/)
Of course it is nice because it is a common implementation, and can be
done on the server side, as well as the client side.
___________________________________________________________
Sent by ePrompter, the premier email notification software.
Free download at http://www.ePrompter.com.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
