FYI, md5 is totally cracked. It can be broken in a matter of seconds these days. Try other forms of one-way encryption. Salt heavily. If you are really paranoid, encrypt twice in two different ways.
But a good, strong, atypical one-way encryption should be good enough. Even md5 should be enough if you code defensively and mitigate SQL injection vulnerabilities. Be careful. Many forms of encryption do NOT produce the same value each time. (Why is a topic of great length.) So don't use any old form of encryption without research.
As for your boss, he is not a security specialist, clearly, and his ideas are the very reason that security specialists have to exist. Security isn't always intuitive. Let him know that what he would like you to do is malpractice. That doing so, and the discovery of said actions after mass identity theft as a result of it, would subject you, and him, to legal ramifications. The kind that cost your company, and indeed potentially yourselves, MASSIVE financial damages. Not to mention it being a potential career ender.
Posted from the new ixda.org http://www.ixda.org/discuss?post=43289
