It's not encryption (it can't be decrypted, as I understand). There is no k ey, it's a one-way mathematical function. Anybody can use it, and will get the same result with the same input. I suppose it could be brute-force att acked, but haven't heard of any successes ... perhaps because it's not desi gned to be decrypted.
It's used to "exchange" keys without actually sending keys over communicati on lines during the initial handshake to set up SSL, for example. best, Chris Norloff ---------- Original Message ---------------------------------- from: "Andrew Scott" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] date: Wed, 20 Feb 2002 02:24:26 +1100 >As with any Encryption, it needs a key. Break the key and you can >deEncrypt the string. MD5 is also not very secure as there are programs >that can be found to break this key, I would think about a 3rd party com >object that would be a little bit more secure than MD5.. > >-----Original Message----- >From: Chris Norloff [mailto:[EMAIL PROTECTED]] >Sent: Wednesday, 20 February 2002 2:17 AM >To: CF-Talk >Subject: OT: only one MD5 hash? > >We're planning to hash user passwords before storing them in the >database. We have a Java application server that will also be hashing >user's passwords and comparing them to the hashed passwords in the >database. > >We both use the MD5 hash - is there only one version of an MD5 hash? > >We're testing this now, but I thought I'd ask the question so I can have >(maybe) some answers if we get different results with the two hash >functions. > >thanks, >Chris Norloff > > > ______________________________________________________________________ Get Your Own Dedicated Windows 2000 Server PIII 800 / 256 MB RAM / 40 GB HD / 20 GB MO/XFER Instant Activation · $99/Month · Free Setup http://www.pennyhost.com/redirect.cfm?adcode=coldfusionb FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists