Hello Jason,
MD5 (32 bits) or SHA1 (64 bits) is better than plantext.
Implementation of a simple hash to store password take only a little time.
The best to do is both things.
On Jan 14, 2008 6:35 PM, Jason Pruim <[EMAIL PROTECTED]> wrote:
> Once you know the hash though, it's a simple matter from what I've heard
> to decrypt it with a brute force attack setup on your server. Sure it takes
> a little effort, but it is possible.
> even if you use all kinds of mixed case,
> different characters, punctuation, etc. to create the hash, with only 32
> bits to compare to you can have multiple sequences of numbers/letters that
> have the same hash.
>
> The best way to do it, I think would be to store the password outside of
> the webroot so that external applications don't have access to it. :)
>
> Just my 2ยข
> On Jan 14, 2008, at 3:17 PM, Roberto Berto wrote:
>
-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user
