I don't know about Joomla. But I'll try to help:
1. If you think about native MySQL user passwords, you are wrong, - MD5 isn't used for them. I think, SHA1-HMAC is. Chance to hack it is low - when you will know all algorithm details, "Brute Force" or "Attack by Dictionary" methods are applicable. You may believe that users don't think about security very much and have short or simple (to hack by Dictionary) passwords.
2. If for users into your database MD5-encrypted passwords really used (MD5, but not MD5-HMAC with unknown HMAC-Key and unknown itteration quantity!), your can find collision (native or alternative password, which will work too) for some hours:
http://www.stachliu.com.nyud.net:8090/collisions.html
One more detail:
I don't try it. But I think, you are get alternative "password" - something like "—'MVRЛ•"мТ…ёEµ_", and your application-client willn't allow it high possibility with. Time to get printable password-collision may be too much. That is why "Brute Force" or "Attack by Dictionary" methods can be more effective for this problem too.
Edited 1 time(s). Last edit at 05/08/2006 03:31PM by Yuriy Pavlutkin.