On 3/2/07, Ian Barton <[EMAIL PROTECTED]> wrote: > > > Note that passwords held in $DefaultPasswords and $AuthUser > > are encrypted, so even if someone obtains the encrypted values > > they would still need to break the encryption to learn the > > actual passwords. > > > I am not sure exactly how the PHP encryption function works, but could > getting the encrypted passwords make it possible for someone to run a > dictionary attack. > > In other words if you don't use strong passwords someone just runs their > dictionary/generation algorithm through the crypt function and compares > the output to the encrypted value? > > Ian. >
Feel free to refer to: http://docs.php.net/manual/en/function.crypt.php Regards, Dom _______________________________________________ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users