Re: Idea for securityfix in HTML

>
> > Yes, but a lot of systems use MD5 hashes in databases, for passwords by
> > example.
>
> Storing an MD5 hash in a database gives no security against compromises of
> the password in transit; it also gives little real protection if the
database
> is compromised, given that most real life passwords are vulnerable to
> dictionary attacks and MD5 is a fast algorithm compared with, say, the
> original Unix hash.
>

This is true, but the fact is that a lot of WWWebsites use such databases,
and this all could be made MORE secure, but it can't be COMPLETELY secure.


Regards,

D. Willems "Xatr0z" <xatr0z at users dot sourceforge dot net>

Received on Saturday, 16 November 2002 06:36:26 UTC