On Dec 21, 2011, at 5:10 PM, John Weller wrote:

> Could you explain why there can only be 65128 different values?  I still
> maintain that it would be extremely difficult to recover the password from
> the stored numerical value :-)

        That's a different issue than collision. With collision, you don't need 
to know the original password; instead, you have a one in N chance of a random 
string matching the password, where N is the total number of possible values. 
So I could write a program to loop until the random string it creates is 
accepted on your side because your algorithm generated the same number as the 
actual password. In this case, on average it would only take 64K tries before I 
got in, which, given today's processing power, might take a minute or two.


-- Ed Leafe
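
The collision point in the reply above can be measured locally. This is an added example, not part of the original message and not the algorithm under discussion: `narrow_digest` is a constructed stand-in that models only the 65128-value output space quoted in the thread, and the sample passwords, labels and salt are constructed. It counts how many unrelated strings a verifier with that output space sees before it accepts one, and checks that a 256-bit salted digest rejects the same strings.

```python
import hashlib
from statistics import mean

N_VALUES = 65128  # size of the output space quoted in the thread


def narrow_digest(text: str) -> int:
    # Constructed stand-in, NOT the algorithm from the thread: any function
    # limited to N_VALUES outputs has the same false-accept rate of 1/N_VALUES.
    return int.from_bytes(hashlib.sha256(text.encode()).digest(), "big") % N_VALUES


def wide_digest(text: str, salt: bytes) -> bytes:
    # Contrast case: salted, iterated, 256-bit output.
    return hashlib.pbkdf2_hmac("sha256", text.encode(), salt, 100_000)


def tries_until_accepted(stored: int, label: str, budget: int = 2_000_000):
    # Feed strings unrelated to the password to the narrow verifier and
    # count how many are needed before one is accepted.
    for i in range(1, budget + 1):
        candidate = f"{label}-{i}"
        if narrow_digest(candidate) == stored:
            return i, candidate
    return budget, None


def measure(passwords, salt=b"constructed-salt"):
    rows = []
    for n, pw in enumerate(passwords):
        tries, cand = tries_until_accepted(narrow_digest(pw), f"trial{n}")
        # Does the colliding string also pass the wide verifier?
        wide_ok = cand is not None and wide_digest(cand, salt) == wide_digest(pw, salt)
        rows.append((pw, tries, cand, wide_ok))
    return rows


# Constructed sample passwords, one trial each.
SAMPLE_PASSWORDS = ["Winter2011!", "hunter2", "profox", "correct horse",
                    "S3cr3t", "letmein", "qwerty123", "vfp9-admin"]

if __name__ == "__main__":
    rows = measure(SAMPLE_PASSWORDS)
    for pw, tries, cand, wide_ok in rows:
        print(f"{pw!r}: accepted {cand!r} after {tries} tries; wide verifier accepts: {wide_ok}")
    print(f"mean tries: {mean(r[1] for r in rows):.0f} (output space: {N_VALUES})")
```

The mean number of tries tracks the size of the output space, not the length or complexity of the password, which is why difficulty of recovering the original password does not help here.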




_______________________________________________
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://leafe.com/mailman/listinfo/profox
OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/57ad1130-5ef0-481c-9d64-6a3c2b1a0...@leafe.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.
