At 10:40 AM -0500 1/17/07, <tg-php@xxxxxxxxxxxxxxxxxxxxxx> wrote:
MD5 is a hashing algorithm.. one-way.. really only good for checking
known values and keeping them 'private', like storing passwords in a
database. That way, if someone breaks into your database, they
don't get the passwords, only the non-reversible MD5 hashes of the
passwords.
To check a user's login credentials, you take the database value for
password and you compare it to md5($password) that the user entered
and see if they match.
That's also the way hackers break it, namely take the hash and use a
reverse dictionary to look-up the password. While the MD5 hash is
non-reversible, it produces a unique string.
If people use simple passwords, then the hash is pretty simple to
break. As people become more aware of how simple it is to break their
passwords, their passwords will become more complex. However, reverse
dictionaries will also become larger as processing speeds increase --
and the cycle continues.
So, the amount of security that MD5 provides is really dependent upon the user.
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
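
Added example, not part of the original messages: the unsalted md5($password) check discussed in this thread next to PHP's built-in password_hash()/password_verify(), with an upgrade-on-login path for rows that still hold MD5 hashes. It assumes PHP 7.4 or later; the user names, passwords, word list and the verifyAndUpgrade() helper are constructed for illustration.

```php
<?php
// Constructed sample data: two hypothetical users who chose the same password.
$users = ['alice' => 'sunshine', 'bob' => 'sunshine'];

// Scheme from the thread: store md5($password), compare on login.
$legacy = array_map('md5', $users);

// Unsalted hashing is deterministic: equal passwords give equal hashes,
// so one precomputed table (constructed word list) matches every such row.
$table = [];
foreach (['password', 'letmein', 'sunshine'] as $word) {
    $table[md5($word)] = $word;
}
foreach ($legacy as $name => $hash) {
    $state = isset($table[$hash]) ? 'found in lookup table' : 'not in table';
    echo "md5 row for $name: $state\n";
}

// Hardened storage: password_hash() adds a random per-password salt and a
// tunable work factor, so equal passwords no longer share a stored value.
$stored = array_map(fn($p) => password_hash($p, PASSWORD_DEFAULT), $users);
echo 'equal md5 rows: ', var_export($legacy['alice'] === $legacy['bob'], true), "\n";
echo 'equal password_hash rows: ', var_export($stored['alice'] === $stored['bob'], true), "\n";

// Hypothetical helper: verify a login and upgrade the stored value in place.
function verifyAndUpgrade(string $entered, string &$storedHash): bool
{
    // A legacy row is a bare 32-character hex MD5 digest.
    if (strlen($storedHash) === 32 && ctype_xdigit($storedHash)) {
        if (!hash_equals($storedHash, md5($entered))) {
            return false;
        }
        // Correct password: replace the MD5 digest with a salted, slow hash.
        $storedHash = password_hash($entered, PASSWORD_DEFAULT);
        return true;
    }
    if (!password_verify($entered, $storedHash)) {
        return false;
    }
    // Re-hash when PHP's default algorithm or cost has moved on.
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT)) {
        $storedHash = password_hash($entered, PASSWORD_DEFAULT);
    }
    return true;
}

$row = $legacy['alice'];                          // starts as an MD5 digest
echo 'login ok: ', var_export(verifyAndUpgrade('sunshine', $row), true), "\n";
echo 'row after login is MD5: ', var_export(strlen($row) === 32, true), "\n";
```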