[wp-hackers] Security Vulnerability found

Carthik Sharma carthik at gmail.com
Wed Apr 13 21:23:39 GMT 2005


On 4/13/05, Robert Deaton <false.hopes at gmail.com> wrote:
> The way I see this, it is entirely silly that someone would post such a
> vulnerability.

I agree.

> As far as Denis' comments, if I remember correctly passwords are stored as
> a double hashed md5, which would be very tiresome to reverse, although it
> would still be possible,

With a cluster of IBM mainframes or supercomputers, it is possible
under an hour, when there are "collisions" - where two strings map to
the same hash. Hell, if the cracker had a supercomputer, or access to
a cluster that can do this, I'd invite him over for tea. Jokes apart,
a doubly-hashed string is not reversible, using practical, easily
available tools.


Carthik.
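
An added example, not part of the original message or of WordPress code: it shows why the double-MD5 storage discussed in this thread is judged by its lack of a salt and work factor rather than by reversibility, next to a salted PBKDF2 record. The function names, user names and passwords are constructed, and feeding the inner digest to the second MD5 as hex text is an assumption.

```python
import hashlib
import hmac
import os
from typing import Optional

PBKDF2_ITERATIONS = 600_000  # constructed work factor for this example


def double_md5(password: str) -> str:
    """md5(md5(password)); assumes the inner digest is passed on as hex text."""
    inner = hashlib.md5(password.encode("utf-8")).hexdigest()
    return hashlib.md5(inner.encode("ascii")).hexdigest()


def pbkdf2_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Salted, iterated record: algorithm$iterations$salt$derived_key."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                             PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def pbkdf2_verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def shared_digest_groups(records: dict) -> list:
    """Audit helper: groups of users whose stored hashes are byte-identical,
    which only happens when equal passwords are hashed without a salt."""
    groups = {}
    for user, digest in records.items():
        groups.setdefault(digest, []).append(user)
    return sorted(sorted(u) for u in groups.values() if len(u) > 1)


if __name__ == "__main__":
    # Constructed sample accounts; alice and carol chose the same password.
    users = {"alice": "tea-time", "bob": "mainframe", "carol": "tea-time"}
    legacy = {u: double_md5(p) for u, p in users.items()}
    salted = {u: pbkdf2_hash(p) for u, p in users.items()}
    print("unsalted duplicates:", shared_digest_groups(legacy))
    print("salted duplicates:  ", shared_digest_groups(salted))
```
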

