[wp-hackers] Security Vulnerability found
Matt Mullenweg
m at mullenweg.com
Wed Apr 13 22:55:17 GMT 2005
Carthik Sharma wrote:
> With a cluster of IBM mainframes or supercomputers, it is possible
> under an hour, when there are "collisions" - where two strings map to
> the same hash. Hell, if the cracker had a supercomputer, or access to
> a cluster that can do this, I'd invite him over for tea. Jokes apart,
> a doubly-hashed string is not reversible, using practical, easily
> available tools.
Anything is possible, but I think the security/usability tradeoffs we
make maximize the security of WordPress and the user experience. Sure,
it could be a lot more ultra-paranoid, but I don't think users would
really gain anything except complexity. Would you live in a house where
you had to do a biometric scan to be able to move between rooms?
--
Matt Mullenweg
http://photomatt.net | http://wordpress.org
http://pingomatic.com | http://cnet.com