[wp-hackers] Rethinking check_admin_referer()

Owen Winkler ringmaster at midnightcircus.com
Sat Apr 22 00:17:10 GMT 2006


Robert Deaton wrote:
> On 4/21/06, Denis de Bernardy <denis at semiologic.com> wrote:
>> Note that "try all combinations" is not a realistic exercise.
>> Usually password cracking is done with the help of dictionaries, which
>> contain both regular words and various mutations of them.  So, even
>> somewhat word-like passwords could be cracked much faster than the above
>> numbers suggest, and a 6-character non-word like password may escape
>> cracking.  Or not.
> 
> Still, all of this is irrelevant to the discussion, which has nothing
> to do with cracking md5s or finding their collisions. 

+1.

Owen


More information about the wp-hackers mailing list