Sergei Gorelkin schrieb:
> Friday, November 24, 2006, 12:36:35 PM, Bram wrote:
>
> BK> A.J. Venter wrote:
>>> That seemed to work fine - except it turns out that MD5 is even LESS
>>> reliable
>>> than I thought, at least on small data.
>>> I had a bug report (and confirmed it) that you can log into anybody's
>>> account
>>> if you simply know how many characters his password has.
>>>
>>> Apparently '123456' generates exactly the same MD5SUM as 'beebob' (for any
>>> particular set of values) !
>
> BK> This is not the case for the MD5 algorithm as defined in RFC 1321.
>
> BK> $ echo 123456|md5sum
> BK> f447b20a7fcbf53a5d5be013ea0b15af *-
>
> BK> $ echo beebob|md5sum
> BK> bd9dc720ce0f1976d760a803c1d12370 *-
Just noticed, this is wrong ;) You're hashing the newline as well in this case.
_________________________________________________________________
To unsubscribe: mail [EMAIL PROTECTED] with
"unsubscribe" as the Subject
archives at http://www.lazarus.freepascal.org/mailarchives
