[wp-hackers] Wordpress Event Viewer Plugin

Robert Deaton false.hopes at gmail.com
Tue Apr 3 19:48:17 GMT 2007


On 4/3/07, Computer Guru <computerguru at neosmart.net> wrote:
> I have a rule: I only repeat my username/pass combo if I know for a fact that
> the site uses encryption.
>
> For instance, IPB, vBulletin, MyTopix, MyBB - I trust these, because it
> encrypts the password in the DB.

No they don't. And even if they did, they'd have to be able to
unencrypt them somewhere in the script anyways to compare against the
one you enter.

It's a one-way hash, and thinking it can't be looked up in a rainbow
table or brute forced fairly easily is more often than not wrong
(because more often than not people are using things like md5() once
without any sort of salt to hash the password).

But please, do not call it encryption. It is not, and it will never
be. Encrypting passwords in a database is just silly.



-- 
--Robert Deaton
http://lushlab.com
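
The contrast drawn in the message above, as an added example that is not part of the original post or of any forum software named in it: a single unsalted md5() gives identical digests for identical passwords, so one precomputed table matches every such account, while a salted, slow hash does not, and login is checked by re-hashing rather than decrypting. It is written in Python rather than PHP; the function names, the PBKDF2 work factor, the storage format and the sample users are assumptions made for the illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # assumed work factor for this example


def md5_unsalted(password: str) -> str:
    """The weak scheme the message describes: one md5() call, no salt."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str, salt: bytes | None = None) -> str:
    """Salted, deliberately slow one-way hash, stored as 'rounds$salt$digest'."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"{PBKDF2_ROUNDS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Check a login by re-hashing with the stored salt; nothing is decrypted."""
    rounds, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(rounds)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def accounts_matched_by_table(stored: dict[str, str], table: dict[str, str]) -> list[str]:
    """Audit helper: accounts whose stored value appears in a precomputed table."""
    return sorted(user for user, value in stored.items() if value in table)


# Constructed sample data: two users who chose the same password.
USERS = {"alice": "letmein", "bob": "letmein"}
# Precomputed digest -> password map, standing in for a rainbow table.
TABLE = {md5_unsalted(word): word for word in ("password", "letmein", "qwerty")}

if __name__ == "__main__":
    weak = {u: md5_unsalted(p) for u, p in USERS.items()}
    strong = {u: hash_password(p) for u, p in USERS.items()}
    print("unsalted md5 matched:", accounts_matched_by_table(weak, TABLE))
    print("salted PBKDF2 matched:", accounts_matched_by_table(strong, TABLE))
    print("login still verifies:", verify_password("letmein", strong["alice"]))
```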
