[wp-hackers] Security Vulnerability found

Matt Mullenweg m at mullenweg.com
Wed Apr 13 22:55:17 GMT 2005


Carthik Sharma wrote:
> With a cluster of IBM mainframes or supercomputers, it is possible
> under an hour, when there are "collisions" - where two strings map to
> the same hash. Hell, if the cracker had a supercomputer, or access to
> a cluster that can do this, I'd invite him over for tea. Jokes apart,
> a doubly-hashed string is not reversible, using practical, easily
> available tools.

Anything is possible, but I think the security/usability tradeoffs we 
make maximize the security of WordPress and the user experience. Sure, 
it could be a lot more ultra-paranoid, but I don't think users would 
really gain anything except complexity. Would you live in a house where 
you had to do a biometric scan to be able to move between rooms?

-- 
Matt Mullenweg
http://photomatt.net  | http://wordpress.org
http://pingomatic.com | http://cnet.com


More information about the wp-hackers mailing list