"Stefan Roehrich" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > On 2002-02-17 17:35:26, André Nęss wrote: > > nice though, just to tell people about other hashing functions. Maybe there > > should also be a mention of the fact that MD5 is fairly easy to crack? > > Can you give some references? > > Yes, MD5 does have some weaknesses (so SHA1 would probably be better), > but as far as I know it's not "fairly easy to crack". (I must search > the Dobbertin paper, which probably found the first serious design > flaws in MD4, but IMHO no real attacks in practice until now for > MD5. Are there any newer papers about this?)
I just read some general discussions on the topic in misc. security related boards and got the impression that the consensus was that MD5 should be phased out and replaced by SHA-1. Also have a look at the URL in my reply to Christian Stockner. It is my impression that SHA-1 can't be easily cracked using brute-force, which is viable with MD5, and thus MD5 should be replaced by SHA-1. I might of course have misunderstood as this is not my field of expertise. André Nęss -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php