Re: [PHP] Is MD5 still considered safe for storing application user passwords?
- From: apseudoutopia@xxxxxxxxx (APseudoUtopia)
- Date: Tue, 30 Dec 2008 22:21:17 -0500
On Tue, Dec 30, 2008 at 9:02 PM, Murray <planetthoughtful@xxxxxxxxx> wrote:
Hi All,
I've been vaguely aware that more and more effort is going into proving that
MD5 isn't secure anymore, but this article in particular -
http://www.win.tue.nl/hashclash/rogue-ca/ - has me wondering if MD5 is still
safe for storing hashed user passwords?
I realise that article is talking about a very different use of an attack on
MD5, but I'm curious if other developers are still using MD5, or if another
hashing algorithm is considered better?
Many thanks for any advice,
M is for Murray
http://www.ulblog.org
Yeah, it's been proven several years ago (1998 rings a bell for some
reason, but I'm not sure) that MD5 has some security vulnerabilities.
If I recall correctly, even SHA-1 has had some collision
vulnerabilities. I personally use salted SHA-512 hashes for storing my
passwords.
.
- References:
- Prev by Date: Re: [PHP] Is MD5 still considered safe for storing application user passwords?
- Next by Date: Encryption/decryption of PHP data
- Previous by thread: Re: Is MD5 still considered safe for storing application user passwords?
- Next by thread: Encryption/decryption of PHP data
- Index(es):
Relevant Pages
|
