W3C home > Mailing lists > Public > www-html@w3.org > November 2002

Re: Idea for securityfix in HTML

From: David Woolley <david@djwhome.demon.co.uk>
Date: Sat, 16 Nov 2002 11:10:19 +0000 (GMT)
Message-Id: <200211161110.gAGBAKo06270@djwhome.demon.co.uk>
To: www-html@w3.org

> Yes, but a lot of systems use MD5 hashes in databases, for passwords by
> example.

Storing an MD5 hash in a database gives no security against compromises of
the password in transit; it also gives little real protection if the database
is compromised, given that most real life passwords are vulnerable to
dictionary attacks and MD5 is a fast algorithm compared with, say, the
original Unix hash.
Received on Saturday, 16 November 2002 06:10:26 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 March 2012 18:15:53 GMT