[pmwiki-users] EnableDiag

Dominique Faure dominique.faure at gmail.com
Fri Mar 2 07:45:26 CST 2007


On 3/2/07, Ian Barton <lists at manor-farm.org> wrote:
>
> > Note that passwords held in $DefaultPasswords and $AuthUser
> > are encrypted, so even if someone obtains the encrypted values
> > they would still need to break the encryption to learn the
> > actual passwords.
> >
> I am not sure exactly how the PHP encryption function works, but could
> getting the encrypted passwords make it possible for someone to run a
> dictionary attack?
>
> In other words, if you don't use strong passwords someone just runs their
> dictionary/generation algorithm through the crypt function and compares
> the output to the encrypted value?
>
> Ian.
>

Feel free to refer to: http://docs.php.net/manual/en/function.crypt.php

Regards,
Dom
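
Added example, not part of the original thread or of PmWiki's code: how cheaply a stored value can be compared against hashed guesses depends on which crypt() scheme produced it, so this PHP function classifies crypt-format strings by scheme and flags the ones worth re-hashing. The function name, the re-hash thresholds and the sample values are assumptions made for illustration.

```php
<?php
// Added example: classify crypt()-format strings by scheme.
// "work" is the scheme's iteration count; it is comparable only within one scheme.
// The re-hash thresholds are assumed policy values, not PmWiki settings.
function classify_crypt_hash(string $hash): array
{
    $b64 = '[.\/A-Za-z0-9]';   // alphabet used by crypt() salts and digests
    // bcrypt: $2a$/$2b$/$2x$/$2y$, two-digit cost, 22-char salt + 31-char digest
    if (preg_match('/^\$2[abxy]\$(\d{2})\$' . $b64 . '{53}$/', $hash, $m)) {
        $cost = (int)$m[1];
        return ['scheme' => 'bcrypt', 'work' => 2 ** $cost, 'rehash' => $cost < 10];
    }
    // SHA-256 / SHA-512 crypt: optional "rounds=N$", default 5000 rounds
    if (preg_match('/^\$([56])\$(?:rounds=(\d+)\$)?' . $b64 . '{1,16}\$' . $b64 . '+$/', $hash, $m)) {
        $rounds = ($m[2] ?? '') !== '' ? (int)$m[2] : 5000;
        $name = $m[1] === '5' ? 'sha256crypt' : 'sha512crypt';
        return ['scheme' => $name, 'work' => $rounds, 'rehash' => $rounds < 5000];
    }
    // MD5 crypt: salt of up to 8 chars, fixed 1000 iterations
    if (preg_match('/^\$1\$' . $b64 . '{1,8}\$' . $b64 . '{22}$/', $hash)) {
        return ['scheme' => 'md5crypt', 'work' => 1000, 'rehash' => true];
    }
    // Traditional DES crypt: 13 chars, 2-char salt, 25 iterations,
    // and only the first 8 characters of the password are used
    if (preg_match('/^' . $b64 . '{13}$/', $hash)) {
        return ['scheme' => 'des', 'work' => 25, 'rehash' => true];
    }
    // Anything else (plain text, unknown format) needs attention too
    return ['scheme' => 'unknown', 'work' => 0, 'rehash' => true];
}

// Constructed sample values with the right shape for each scheme.
// They are not real hashes of any password.
$samples = [
    'alice' => 'sa' . str_repeat('A', 11),
    'bob'   => '$1$saltsalt$' . str_repeat('A', 22),
    'carol' => '$2y$12$' . str_repeat('A', 53),
    'dave'  => '$6$rounds=100000$saltsaltsaltsalt$' . str_repeat('A', 86),
];

foreach ($samples as $user => $hash) {
    $r = classify_crypt_hash($hash);
    printf("%-6s %-12s work=%-7d %s\n", $user, $r['scheme'], $r['work'],
        $r['rehash'] ? 'RE-HASH' : 'ok');
}
```

A flagged entry can only be replaced when the password is next supplied, since the stored value cannot be converted to a stronger scheme on its own.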
