Re: [PHP] Is MD5 still considered safe for storing application user passwords?
For a bank? No, MD5 would not be acceptable.
For your gramma's blog? Sure, MD5 for passwords is fine.