http://qs1969.pair.com?node_id=207079


in reply to Re: Re(3): Filtering potentially dangerous URI schemas in <a href="...">
in thread Filtering potentially dangerous URI schemas in <a href="...">

By the way, just to make the point, it's very easy to crack hashed passwords. This password was hashed using DES (not MD5, which is harder), and took a mere 21 hours to crack. msg me if you really don't believe me that I got it.

But it doesn't matter how long it take to crack passwords. Since it involves NO manual effort, I could have left it running for weeks, until it eventually cracked. Saying "it's too difficult to do for the vast majority of hackers", is just plain wrong. It's very very very simple to do.

That's why you never want your hashed passwords reveiled. Aside from the fact, as dog an pony showed, that sometimes you don't need to crack the hash in order to use it. Also, do you really keep seperate passwords on each site you go to? A lot of people don't.

-- Dan