On Fri, Nov 28, 2008 at 12:30 AM, Lyle <[EMAIL PROTECTED]> wrote:
> I'm wondering if MD5 is the best way to go? I know max was talking about
> encryption at the last meet...

Now that MD5 is considered partially insecure[1], I'd recommend using SHA1. Also, I'd suggest you use a salt [2] in the key you are trying to generate. The salt being basically a random string.

md5(id . password) is relatively easy to break with brute force (by just trying all numbers and words, etc.) while sha1(id . random_string . password) is an order of magnitude more secure.

Cheers

--
Andy Gale

1. http://web.archive.org/web/20070604205756/http://www.infosec.sdu.edu.cn/paper/md5-attack.pdf
2. http://en.wikipedia.org/wiki/Salt_(cryptography)

_______________________________________________
BristolBathPM mailing list
[email protected]
http://mailman.bristolbath.org/mailman/listinfo/bristolbathpm
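
Added example, not part of the message above or of any code from the list: the two constructions from the reply, id . password and id . random_string . password, checked against a precomputed table of guesses. Function names, the 128-bit salt size and the sample ids and words are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def unsalted_key(user_id, password, algo="md5"):
    """hash(id . password): the same inputs always produce the same key."""
    return hashlib.new(algo, (user_id + password).encode()).hexdigest()

def salted_key(user_id, password, salt=None):
    """sha1(id . random_string . password); returns (salt, key).
    The salt is not secret, but it must be stored next to the key."""
    if salt is None:
        salt = secrets.token_hex(16)  # assumed size: 128 random bits
    data = (user_id + salt + password).encode()
    return salt, hashlib.sha1(data).hexdigest()

def verify(user_id, password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, key = salted_key(user_id, password, salt)
    return hmac.compare_digest(key, expected)

def guess_table(user_ids, words, algo):
    """Keys computed once, ahead of time, for predictable ids and words."""
    return {unsalted_key(u, w, algo) for u in user_ids for w in words}

def demo():
    ids = [str(n) for n in range(1, 101)]       # constructed: sequential ids
    words = ["password", "letmein", "bristol"]  # constructed word list
    md5_table = guess_table(ids, words, "md5")
    sha1_table = guess_table(ids, words, "sha1")
    salt, strong = salted_key("42", "letmein")
    return {
        # Without a salt the key is found by lookup, whichever hash is used.
        "md5_unsalted_found": unsalted_key("42", "letmein") in md5_table,
        "sha1_unsalted_found": unsalted_key("42", "letmein", "sha1") in sha1_table,
        # The random string makes a table built in advance miss.
        "sha1_salted_found": strong in sha1_table,
        "verify_correct": verify("42", "letmein", salt, strong),
        "verify_wrong": verify("42", "wrong", salt, strong),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
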
