[wp-hackers] Security Vulnerability found
Carthik Sharma
carthik at gmail.com
Wed Apr 13 21:23:39 GMT 2005
On 4/13/05, Robert Deaton <false.hopes at gmail.com> wrote:
> The way I see this, it is entirely silly that someone would post such a
> vunerability.
I agree .
> As far as Denis' comments, if I remember correctly passwords are stored as
> a double hashed md5, which would be very tiresome to reverse, although it
> would still be possible,
With a cluster of IBM mainframes or supercomputers, it is possible
under an hour, when there are "collisions" - where two strings map to
the same hash. Hell, if the cracker had a supercomputer, or access to
a cluster that can do this, I'd invite him over for tea. Jokes apart,
a doubly-hashed string is not reversible, using practical, easily
available tools.
Carthik.
More information about the wp-hackers
mailing list