On 10/14/05, Dan McCullough <dan.mccullough@xxxxxxxxx> wrote:> some logic and information.> set the cookie to expire after 120 days or so, or never. you will> have to set a cookie with the username and password, preferably a md5> encrypted password. also remember to have the logout function to> remember those cookies. I wouldn't use md5 on anything even slightly important. Since theinitial hash collision discoveries were made earlier this year, md5look-up sites are starting to pop up:http://md5.crysm.net/http://passcracking.com/ For those wanting to get up to speed on md5 history and the currenthash collisions work being done:http://en.wikipedia.org/wiki/Md5 Md5 has been adequate for 15 or so years, but now it's time to move on. Disclaimer: There are only 5 or 6 people in the entire world who knowanything about encryption. I am not one of them. --Greg DonaldZend Certified EngineerMySQL Core Certificationhttp://destiney.com/
