For a bank? No, MD5 would not be acceptable.
For your gramma's blog? Sure, MD5 for passwords is fine.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Hi,
> Correct me if I'm wrong... but assuming that your salt string is hard coded
> into the program, with a MD5 a password + salt is no more secure than a
> simple password?
Well if you store the hash by itself, if an attacker gets hold of your
hashes they could be brute forced. However with the
Well, the idea would be to allow the person downloading and implementing the
application to choose their own salt value. That way, in theory, each
implementation of the application will be salting the hash algorithm with a
different value.
I guess, if you really wanted to get tricky, you could pro
On Dec 31, 2008, at 5:36 AM, Richard Heyes wrote:
Hi,
...
You should also take into account how crucial your data is. If it's
nuclear launch codes I would say that you can't get enough security.
However if it's an admin system for Bob's local grocery store, then as
"Phpster" suggested, a salt
MD5 still considered safe for storing application user
passwords?
Hi,
> ...
You should also take into account how crucial your data is. If it's
nuclear launch codes I would say that you can't get enough security.
However if it's an admin system for Bob's local grocery store, then as
Hi,
> ...
You should also take into account how crucial your data is. If it's
nuclear launch codes I would say that you can't get enough security.
However if it's an admin system for Bob's local grocery store, then as
"Phpster" suggested, a salted hash may well be enough. For example,
you could use
On Tue, Dec 30, 2008 at 9:02 PM, Murray wrote:
> Hi All,
>
> I've been vaguely aware that more and more effort is going into proving that
> MD5 isn't secure anymore, but this article in particular -
> http://www.win.tue.nl/hashclash/rogue-ca/ - has me wondering if MD5 is still
> safe for storing h
I would guess that a properly salted hash would still be safe enough
for most sites. Just a hash of the password is not enough as there are
readily available hash tables where you can look up the password just
by supplying the hash.
Sha-1 is a better alternative for hashing but I would stil
Hi All,
I've been vaguely aware that more and more effort is going into proving that
MD5 isn't secure anymore, but this article in particular -
http://www.win.tue.nl/hashclash/rogue-ca/ - has me wondering if MD5 is still
safe for storing hashed user passwords?
I realise that article is talking ab