Re: [PHP] Is MD5 still considered safe for storing application user passwords?
- From: phpster@xxxxxxxxx (Phpster)
- Date: Tue, 30 Dec 2008 21:23:50 -0500
I would guess that a properly salted hash would still be safe enough for most sites. Just a hash of the password is not enough as there are readily available hash tables where you can look up the password just by supplying the hash.
Sha-1 is a better alternative for hashing but I would still suggest using a salt value.
Bastien
Sent from my iPod
On Dec 30, 2008, at 9:02 PM, Murray <planetthoughtful@xxxxxxxxx> wrote:
Hi All,.
I've been vaguely aware that more and more effort is going into proving that
MD5 isn't secure anymore, but this article in particular -
http://www.win.tue.nl/hashclash/rogue-ca/ - has me wondering if MD5 is still
safe for storing hashed user passwords?
I realise that article is talking about a very different use of an attack on
MD5, but I'm curious if other developers are still using MD5, or if another
hashing algorithm is considered better?
Many thanks for any advice,
M is for Murray
http://www.ulblog.org
- Follow-Ups:
- Re: [PHP] Is MD5 still considered safe for storing application user passwords?
- From: "Richard Heyes"
- Re: [PHP] Is MD5 still considered safe for storing application user passwords?
- References:
- Prev by Date: Re: Is MD5 still considered safe for storing application user passwords?
- Next by Date: Re: [PHP] Is MD5 still considered safe for storing application user passwords?
- Previous by thread: Re: Is MD5 still considered safe for storing application user passwords?
- Next by thread: Re: [PHP] Is MD5 still considered safe for storing application user passwords?
- Index(es):
Relevant Pages
|
