- From: Xatr0z <xatr0z@home.nl>
- Date: Sat, 16 Nov 2002 12:34:22 +0100
- To: "David Woolley" <david@djwhome.demon.co.uk>
- Cc: <www-forms@w3.org>, <www-html@w3.org>, <www-html-editor@w3.org>
Received on Saturday, 16 November 2002 06:36:26 UTC
> > > Yes, but a lot of systems use MD5 hashes in databases, for passwords by > > example. > > Storing an MD5 hash in a database gives no security against compromises of > the password in transit; it also gives little real protection if the database > is compromised, given that most real life passwords are vulnerable to > dictionary attacks and MD5 is a fast algorithm compared with, say, the > original Unix hash. > This is true, but the fact is that a lot of WWWebsites use such databases, and this all could be made MORE secure, but it can't be COMPLETELY secure. Regards, D. Willems "Xatr0z" <xatr0z at users dot sourceforge dot net>
Received on Saturday, 16 November 2002 06:36:26 UTC