[wp-testers] Wordpress Google MD5 hash crack
Bull3t
bull3t at ntlworld.com
Wed Nov 21 15:57:05 GMT 2007
You need to know the MD5 hash of the password in the first place and even
then it is just luck of the draw, it really isn't that worrying. Just use a
password that isn't part of a language?
--------------------------------------------
Bull3t
http://www.bull3t.me.uk/
> -----Original Message-----
> From: wp-testers-bounces at lists.automattic.com [mailto:wp-testers-
> bounces at lists.automattic.com] On Behalf Of Pål GD
> Sent: 21 November 2007 13:45
> To: wp-testers at lists.automattic.com
> Subject: Re: [wp-testers] Wordpress Google MD5 hash crack
>
> Cornell Finch wrote:
> > I know this probably isn't the right place to put this but I don't
> > know where else to submit it:
> >
> > http://www.theregister.co.uk/2007/11/21/google_md5_crack/
> >
> > Is this something we should be worried about?
> >
> > Collin
> Yes, indeed. Wordpress should have been doing salting[1], which I don't
> think they do.
>
> [1] http://en.wikipedia.org/wiki/Salting_(cryptography)
> _______________________________________________
> wp-testers mailing list
> wp-testers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-testers
>
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.503 / Virus Database: 269.16.2/1143 - Release Date:
21/11/2007
> 10:01
>
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.503 / Virus Database: 269.16.2/1143 - Release Date: 21/11/2007
10:01
More information about the wp-testers
mailing list