On 2002-02-17 19:31:40, André Næss wrote:
> I just read some general discussions on the topic in misc. security related
> boards and got the impression that the consensus was that MD5 should be
> phased out and replaced by SHA-1.
That may be true for some new applications (where you can use mhash). But PHP needs MD5, because it's used in various applications, so PHP has to cooperate.

> Also have a look at the URL in my reply to Christian Stockner. It is
> my impression that SHA-1 can't be easily cracked using brute-force,
> which is viable with MD5, and thus MD5 should be replaced by SHA-1.

That's a simple brute force attack (using the well known birthday "attack", which is applicable to nearly every hash-like function). And as they write on their web page: "The problem is not at all in the MD5 algorithm in itself but in the manner applications are using it. MD5 was not defined for authentication purposes and gives no real security against data compromise."

So it's not a flaw in the MD5 algorithm itself (yes, today it should probably support bigger hashes; there are already variants of SHA-1 which have longer hashes), but rather in using MD5 for small guessable things like passwords without any salt or similar. Today you probably should go to longer key and hash sizes, but I think MD5 is still a lot better than old unix crypt.

Stefan

-- 
Stefan Röhrich [EMAIL PROTECTED], [EMAIL PROTECTED]
http://www.roehri.ch/~sr/

-- 
PHP Development Mailing List <http://www.php.net/>
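The distinction Stefan draws above (the MD5 algorithm itself versus applying it unsalted to small guessable passwords) as an added example that is not code from the thread or from PHP; it uses Python's hashlib rather than PHP's md5() so it runs stand-alone, and the user records and salts are constructed.

```python
import hashlib
import hmac
import os

# Constructed sample accounts: two users happen to pick the same weak password.
USERS = {"alice": "letmein", "bob": "letmein", "carol": "correct horse"}


def md5_unsalted(password: str) -> str:
    """The pattern criticised in the thread: md5() straight over the password."""
    return hashlib.md5(password.encode()).hexdigest()


def md5_salted(password: str, salt: bytes) -> str:
    """Same algorithm, but a per-user random salt is mixed in first.

    Stored as '<salt hex>$<digest>' so the salt travels with the record.
    """
    digest = hashlib.md5(salt + password.encode()).hexdigest()
    return salt.hex() + "$" + digest


def verify_salted(password: str, stored: str) -> bool:
    """Recompute with the stored salt; constant-time compare of the encoded value."""
    salt_hex, _ = stored.split("$", 1)
    candidate = md5_salted(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)


def store_all(salted: bool) -> dict:
    """Hash every constructed user's password one way or the other."""
    if salted:
        return {u: md5_salted(p, os.urandom(16)) for u, p in USERS.items()}
    return {u: md5_unsalted(p) for u, p in USERS.items()}


def duplicate_digests(stored_values) -> int:
    """Count stored values that repeat: >0 means equal passwords are visible
    without guessing anything, and one precomputed table serves every row."""
    values = list(stored_values)
    return len(values) - len(set(values))


def birthday_work(hash_bits: int) -> int:
    """Rough collision effort for the generic birthday attack the thread mentions:
    about 2^(n/2) hash evaluations for an n-bit digest (2^64 for MD5, 2^80 for SHA-1)."""
    return 2 ** (hash_bits // 2)


if __name__ == "__main__":
    print("unsalted duplicates:", duplicate_digests(store_all(False).values()))
    print("salted duplicates:  ", duplicate_digests(store_all(True).values()))
    print("MD5 vs SHA-1 birthday work:", birthday_work(128), birthday_work(160))
```

A salt removes the reuse leak and the shared lookup table, which is the "small guessable things without salt" problem Stefan describes, but it does nothing about how fast MD5 is to evaluate per guess; current practice for stored passwords is a deliberately slow, salted construction (bcrypt, scrypt, Argon2) rather than a salted fast hash.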