It's just a potentially-injective function... You can use md5, sha1, shaXYZ or whatever, it's always the same concept... Salting just makes reversibility a more difficult, but if you're aiming to something more secure than hashing algorithms, well... There is nothing really fast enough to justify it (in this case) from what I know :\
Marco Pivetta http://twitter.com/Ocramius http://marco-pivetta.com On 14 October 2011 03:42, David Muir <[email protected]> wrote: > I agree, but I was under the impression that even with salt, MD5 is > useless for protecting passwords. > > Cheers, > David > > > On 10/14/2011 12:37 PM, Marco Pivetta wrote: > > The best you can do is adding some salt to it... That would make the > rainbow table discovery useless... > Marco Pivetta > http://twitter.com/Ocramius > http://marco-pivetta.com > > > > On 14 October 2011 03:34, David Muir <[email protected]> wrote: > >> MD5 is used in the example usage of /credentialTreatment/ for >> Zend_Auth_Adapter_DbTable: >> >> >> http://framework.zend.com/manual/en/zend.auth.adapter.dbtable.html#zend.auth.adapter.dbtable.advanced.advanced_usage >> >> Is this a good idea? Shouldn't something a bit more secure be used for >> passwords? >> >> Cheers, >> David >> >> > >
