tg-php@xxxxxxxxxxxxxxxxxxxxxx wrote:
MD5 is a hashing algorithm.. one-way.. really only good for checking known values and keeping them 'private', like storing passwords in a database. That way, if someone breaks into your database, they don't get the passwords, only the non-reversible MD5 hashes of the passwords.
To check a user's login credentials, you take the database value for password and you compare it to md5($password) that the user entered and see if they match.
So the fact that MD5 is a well known algorithm doesn't really make a difference as far as security goes.
Except for the fact of the growing number of databases that will map the
hashes back to the clear text (for example: http://md5.benramsey.com/)
Of course it is nice because it is a common implementation, and can be
done on the server side, as well as the client side.
Then again, RSA, Blowfish, etc are well known algorithms and are considered at least fairly secure too.. and are reversible.
-TG
= = = Original message = = =
Hi,
Does md5 really offer much in terms of protection?
The algorithm is really well known.
I would like to hear your thoughts and possible alternatives (mcrypt?)
R.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
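
The following is an added example, not code from the thread or any of its participants. It shows why an unsalted `md5($password)` column can be mapped back to cleartext by a precomputed table, and how PHP's `password_hash()` / `password_verify()` avoid that while upgrading legacy rows at login. The wordlist, the sample passwords and the helper name `verify_and_upgrade` are constructed for illustration.

```php
<?php
// Constructed sample data: a tiny wordlist standing in for a public
// MD5 lookup database of common passwords.
$wordlist = ['letmein', 'password', 'qwerty', 'sunshine'];

// Built once, reusable against every unsalted MD5 column anywhere.
$lookup = [];
foreach ($wordlist as $word) {
    $lookup[md5($word)] = $word;
}

// Legacy row: unsalted md5($password). One array lookup maps it back.
$legacy = md5('sunshine');
printf("md5 row %s maps back to: %s\n", $legacy, $lookup[$legacy] ?? '(not in table)');

// password_hash() adds a random salt per call and uses a slow algorithm,
// so the same password yields a different stored string each time.
$a = password_hash('sunshine', PASSWORD_DEFAULT);
$b = password_hash('sunshine', PASSWORD_DEFAULT);
printf("salted hashes identical: %s\n", var_export($a === $b, true));

// Hypothetical helper: check a login against either row format and return
// [accepted, hash to store]. Legacy MD5 rows are replaced on first success.
function verify_and_upgrade(string $entered, string $stored): array
{
    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        // Legacy format: constant-time comparison, then re-hash.
        if (!hash_equals($stored, md5($entered))) {
            return [false, $stored];
        }
        return [true, password_hash($entered, PASSWORD_DEFAULT)];
    }
    if (!password_verify($entered, $stored)) {
        return [false, $stored];
    }
    // Re-hash if the default algorithm or cost has changed since storage.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $stored = password_hash($entered, PASSWORD_DEFAULT);
    }
    return [true, $stored];
}

[$ok, $new] = verify_and_upgrade('sunshine', $legacy);
printf("legacy login ok: %s, row upgraded: %s\n",
    var_export($ok, true), var_export($new !== $legacy, true));
[$ok2] = verify_and_upgrade('wrong-guess', $new);
printf("wrong password accepted: %s\n", var_export($ok2, true));
```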