> > On 6/3/08, Otto Moerbeek <[EMAIL PROTECTED]> wrote: > > > Ted, I think you are confusing matters. > > > > > > md5 is a cryptographic hash, it surely transforms text into bit soup, > > > but that is not not the same a an encryption function. For an > > > encryption function, you want to have a corresponding computationally > > > feasable decryption function. For hashes you're better off if no such > > > function exists. Also, many texts have the same md5 output. For an > > > encryption function that would be a major problem. > > > > Indeed. I interpreted the use of the word "still" to be a question > > regarding the security or strength of MD5, not the nature of the > > mechanism. > > Oh, in that case I'd think md5 is still a reasonably good as a pasword hash,
No, it is terrible. It is too fast. You can screw around and wrap a bunch of balony layers around it, but it is still going to be too fast. If you actually wanted to do things right, look at our bcrypt. It was designed.
