Re: Is MD5 still considered safe for storing application user passwords?
- From: SLerman <smlerman@xxxxxxxxx>
- Date: Tue, 30 Dec 2008 18:10:54 -0800 (PST)
On Dec 30, 9:02 pm, planetthought...@xxxxxxxxx (Murray) wrote:
Hi All,
I've been vaguely aware that more and more effort is going into proving that
MD5 isn't secure anymore, but this article in particular -http://www.win.tue.nl/hashclash/rogue-ca/- has me wondering if MD5 is still
safe for storing hashed user passwords?
I realise that article is talking about a very different use of an attack on
MD5, but I'm curious if other developers are still using MD5, or if another
hashing algorithm is considered better?
Many thanks for any advice,
M is for Murrayhttp://www.ulblog.org
Finding collisions for md5 takes a relatively short amount of time,
and there are even some methods that have been reported to be able to
get a colliding string directly from the hash. Especially in PHP,
since the function is built-in anyway, you should use sha1 instead.
.
- References:
- Prev by Date: Is MD5 still considered safe for storing application user passwords?
- Next by Date: Re: [PHP] Is MD5 still considered safe for storing application user passwords?
- Previous by thread: Is MD5 still considered safe for storing application user passwords?
- Next by thread: Re: [PHP] Is MD5 still considered safe for storing application user passwords?
- Index(es):
Relevant Pages
|
