No announcement yet.

URGENT: Can a hacker get users passwords using this link

  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Originally posted by bangbang
    An MD5 is a one way hash only and isn NOT reversable if a user does obtain it. Doesn't matter how much processing power, time or dictionary based scripts they run against it, just can't be done.
    True, but what's to stop someone who knows the outcome of a straight MD5 hash without a salt trying to recreate the same MD5 hash themselves by brute force?

    Let's say the plaintext password is 'ABC' and the MD5 hash of this is '123'.
    If I knew the output hash value is '123', could I not try different plaintext passwords until I got an MD5 output hash value of '123'? Then wouldn't I have a valid plaintext password?

    I'm not suggesting it's reversable, but without a salt value, the MD5 hash will always work in exactly the same.


    widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.