[wp-hackers] Rethinking check_admin_referer()

Doug Stewart dstewart at atl.lmco.com
Fri Apr 21 21:51:57 GMT 2006


Paul Mitchell wrote:
> Robert Deaton wrote:
> 
>>You might want to think twice about it, but that's only because you
>>don't understand what a hash is. Before you continue to make a fool of
>>yourself, here's some information on the nice md5() function you see
>>wrapped around that information.
>>  
> 
> I don't feel particularly foolish, Robert. I'm not a security expert and
> I'm always willing to learn.
> 
> I'm happy to educate myself as to the operation of MD5, if you think
> that will help. Is there something particular about MD5 as opposed to
> other hashing functions that makes it worthy of attention?
> 

It's quick and Relatively Good Enough for operations (like in this case)
whose timeframe for expiration is far shorter than the time it would
take to crack the hash itself.  Although, the Wikipedia article Robert
linked to does point out a lot of the shortcomings with MD5.  Why don't
we use sha1() instead?

--
----------
Doug Stewart
Systems Administrator/Web Applications Developer
Lockheed Martin Advanced Technology Labs
dstewart at atl.lmco.com