Re: [PHP] Is MD5 still considered safe for storing application user passwords?
- From: richard@xxxxxxx ("Richard Heyes")
- Date: Wed, 31 Dec 2008 15:26:10 +0000
Hi,
Correst me if I'm wrong... but assuming that your salt string is hard coded
into the program, with a MD5 a password + salt is no more secure then a
simple password?
Well if you store the hash by itself, if an attacker gets hold of your
hashes they could be brute forced. However with the addition of a salt
it would be largely pointless since you need both pieces (?) of
information (password plus salt) to generate the hash.
--
Richard Heyes
HTML5 Graphing for FF, Chrome, Opera and Safari:
http://www.rgraph.org (Updated December 20th)
.
- Follow-Ups:
- References:
- Is MD5 still considered safe for storing application user passwords?
- From: Murray
- Re: [PHP] Is MD5 still considered safe for storing application user passwords?
- From: Phpster
- Re: [PHP] Is MD5 still considered safe for storing application user passwords?
- From: "Richard Heyes"
- Re: [PHP] Is MD5 still considered safe for storing application user passwords?
- From: Jason Pruim
- Is MD5 still considered safe for storing application user passwords?
- Prev by Date: IE Problem Detecting Post Variables
- Next by Date: =.='' what wrong ? just simple code, however error.
- Previous by thread: Re: [PHP] Is MD5 still considered safe for storing application user passwords?
- Next by thread: Re: Is MD5 still considered safe for storing application user passwords?
- Index(es):
Relevant Pages
|
