[wp-hackers] Security Vulnerability found

Carthik Sharma carthik at gmail.com
Thu Apr 14 00:28:29 GMT 2005


Good to know that we don't disagree on this, Matt :) I said the same
thing as you did, in probably a more obfuscated fashion.

Carthik.

On 4/13/05, Matt Mullenweg <m at mullenweg.com> wrote:
> Carthik Sharma wrote:
> > With a cluster of IBM mainframes or supercomputers, it is possible
> > under an hour, when there are "collisions" - where two strings map to
> > the same hash. Hell, if the cracker had a supercomputer, or access to
> > a cluster that can do this, I'd invite him over for tea. Jokes apart,
> > a doubly-hashed string is not reversible, using practical, easily
> > available tools.
> 
> Anything is possible, but I think the security/usability tradeoffs we
> make maximize the security of WordPress and the user experience. Sure,
> it could be a lot more ultra-paranoid, but I don't think users would
> really gain anything except complexity. Would you live in a house where
> you had to do a biometric scan to be able to move between rooms?
> 
> --
> Matt Mullenweg
> http://photomatt.net  | http://wordpress.org
> http://pingomatic.com | http://cnet.com
> 


-- 
When nothing is done, nothing is left undone -- 老子 Lǎozi

University of Central Florida
Homepage: http://carthik.net

