Makes sense, except if you use upper and lowercase characters, numbers, and symbols (as you should for secure passwords). I would think that with these kinds of passwords, storing the sheer number of possibilities would get slightly large. And I mean even if it is easy to break, it's more secure than storing them in clear text.

Adam Voigt
[EMAIL PROTECTED]

On Wed, 2002-08-14 at 02:20, Robert Parker wrote:
> On Tuesday 13 August 2002 10:57 am, you wrote:
> > MD5 encryption of passwords is secure since you do not need to decrypt the
> > password ever (in fact you can't). You just encrypt the password that the
> > user entered and check if the MD5 of each password is the same, then the
> > user most likely entered the correct password.
>
> I don't remember where I read this but it only takes the crackers about 1 - 2
> seconds to crack your average MD5 encrypted password. This is quite logical
> because all they had to do is make a database of all of the MD5 sums of all
> the passwords in the various dictionaries.
> The only Linux distro in my (limited) experience that gave the option of MD5
> encryption of passwords was Debian 2. Even then you had the option of shadow
> password files instead. Debian 2 is quite old. Later distros such as Mandrake
> 8.0 and up simply use shadow password files without other option.
>
> Regards
> Bob Parker
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
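
An added illustration of the two points raised in this thread, not code from either poster: a precomputed table of unsalted MD5 sums resolves any dictionary password with a single lookup, the size of a full table grows quickly with alphabet and length, and a salted hash from `password_hash()` makes such a table useless. The wordlist, user names and passwords are constructed sample data, `tableBytes()` is a hypothetical helper, and PHP 7 or later is assumed.

```php
<?php
// Constructed sample wordlist standing in for "the various dictionaries".
$wordlist = ['password', 'letmein', 'dragon', 'qwerty', 'secret'];

// Precomputed table: unsalted MD5 sum => plaintext. It is built once and is
// valid against every system that stores a bare md5($password).
$table = [];
foreach ($wordlist as $word) {
    $table[md5($word)] = $word;
}

// Constructed user table as an application storing unsalted MD5 would hold it.
$users = [
    'alice' => md5('letmein'),
    'bob'   => md5('letmein'),       // same password, therefore same stored hash
    'carol' => md5('k#9Qv!x2Lr@7'),  // mixed-character password, not in the wordlist
];

foreach ($users as $name => $hash) {
    $hit = $table[$hash] ?? '(not in table)';
    printf("%-5s %s  lookup: %s\n", $name, $hash, $hit);
}

// Storage for a table covering every password of one length, counting only
// the 16-byte raw MD5 sum per entry (plaintext and index overhead ignored).
function tableBytes(int $alphabet, int $length): float
{
    return (float) pow($alphabet, $length) * 16;
}

printf("26 lowercase letters, 6 chars:    %.1f GB\n", tableBytes(26, 6) / 1e9);
printf("95 printable characters, 8 chars: %.1f PB\n", tableBytes(95, 8) / 1e15);

// Salted, deliberately slow hashing: each call embeds a fresh random salt, so
// equal passwords produce different stored values and no shared table applies.
$first  = password_hash('letmein', PASSWORD_DEFAULT);
$second = password_hash('letmein', PASSWORD_DEFAULT);

echo "salted hashes differ: ", var_export($first !== $second, true), "\n";
echo "verify correct:       ", var_export(password_verify('letmein', $first), true), "\n";
echo "verify wrong:         ", var_export(password_verify('qwerty', $first), true), "\n";
```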