From: Peter Lind > On 24 August 2010 15:43, Gary <php-gene...@garydjones.name> wrote: >> Jan G.B. wrote: >> >>> The weakness of MD5 is mainly because MD5 collisions are possible. >>> That means, that different strings can have the same MD5-hash... >> >> http://en.wikipedia.org/wiki/MD5#cite_note-1 > > It's worth noting that that essentially does not touch upon whether or > not MD5 can be considered safe or not as a means to store password > information. The researchers have discovered ways of crafting inputs > to easily find colliding hashes - they have not discovered any easy > means to craft an input that will collide with a given hash.
That's a simple matter of brute force, which can be done once and saved for instant use later. However, putting a salt into your algorithm pretty much eliminates the chances of success using that attack. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
