> -----Original Message-----
>
> Without knowing the correct password there is no way of
> knowing that the
> collision isn't it, and from a practical point of view it
> doesn't matter
> in the slightest.
It matters if the purpose of the "cracking" isn't to allow an attacker
to log into the system, but to recover lost passwords for legitimate
purposes. No one needs to tell me this is a bad idea, I was just looking
to find out how bad it is in this particular regard.
-------------------------------------------------------------------------------
Watchfire's AppScan is the industry's first and leading web application
security testing suite, and the only solution to provide comprehensive
remediation tasks at every level of the application. See for yourself.
Download AppScan 6.0 today.
https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh
-------------------------------------------------------------------------------
Received on Jan 07 2006
Intro
