Re: Is MD5 still considered safe for storing application user passwords?
- From: SLerman <smlerman@xxxxxxxxx>
- Date: Wed, 31 Dec 2008 08:13:16 -0800 (PST)
On Dec 31, 10:26 am, rich...@xxxxxxx ("Richard Heyes") wrote:
Hi,
Correst me if I'm wrong... but assuming that your salt string is hard coded
into the program, with a MD5 a password + salt is no more secure then a
simple password?
Well if you store the hash by itself, if an attacker gets hold of your
hashes they could be brute forced. However with the addition of a salt
it would be largely pointless since you need both pieces (?) of
information (password plus salt) to generate the hash.
--
Richard Heyes
HTML5 Graphing for FF, Chrome, Opera and Safari:http://www.rgraph.org(Updated December 20th)
It also benefits users that use the same password for multiple sites.
If each site uses a different salt, a collision on one site will not
be a collision on the other sites.
.
- References:
- Is MD5 still considered safe for storing application user passwords?
- From: Murray
- Re: [PHP] Is MD5 still considered safe for storing application user passwords?
- From: Phpster
- Re: [PHP] Is MD5 still considered safe for storing application user passwords?
- From: "Richard Heyes"
- Re: [PHP] Is MD5 still considered safe for storing application user passwords?
- From: Jason Pruim
- Re: [PHP] Is MD5 still considered safe for storing application user passwords?
- From: "Richard Heyes"
- Is MD5 still considered safe for storing application user passwords?
- Prev by Date: Re: [PHP] Is MD5 still considered safe for storing application user passwords?
- Next by Date: Re: [PHP] Re: Webhotel structure
- Previous by thread: Re: [PHP] Is MD5 still considered safe for storing application user passwords?
- Next by thread: Re: [PHP] Is MD5 still considered safe for storing application user passwords?
- Index(es):
Relevant Pages
|
