Posted by simon on 05/27/05 22:04

>>Sorry, but that's not true.
>>As said, it is technically possible to get the original string but near
>>impossible to do so.
>
> Well, whilst it's technically possible to get a string that hashes to the
> same
> value (which is generally all you need if it's used as a password), this
> only
> means it _might_ be the original string; it is completely impossible to
> determine whether it actually _is_ the original string.
>

Of course, but seen that almost every application out there only compare the
hash it doesn't really matter.

And all I was trying to do was to correct the statement that md5 was a one
way hash.

Simon

[Back to original message]