I would guess that a properly salted hash would still be safe enough
for most sites. Just a hash of the password is not enough as there are
readily available hash tables where you can look up the password just
by supplying the hash.
SHA-1 is a better alternative for hashing, but I would still suggest
using a salt value.
Bastien
Sent from my iPod
On Dec 30, 2008, at 9:02 PM, Murray <planetthoughtful@xxxxxxxxx> wrote:
Hi All,
I've been vaguely aware that more and more effort is going into proving that
MD5 isn't secure anymore, but this article in particular -
http://www.win.tue.nl/hashclash/rogue-ca/ - has me wondering if MD5 is still
safe for storing hashed user passwords?
I realise that article is talking about a very different use of an attack on
MD5, but I'm curious if other developers are still using MD5, or if another
hashing algorithm is considered better?
Many thanks for any advice,
M is for Murray
http://www.ulblog.org
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
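
The point made in the reply above about lookup tables and salts, as an added PHP example that is not part of either message: two users with the same password get identical unsalted hashes that a precomputed table reverses, while a per-user salt makes the stored values differ and miss the table. The helper names `store_salted` and `verify_salted`, the `salt:hash` storage format and the four-entry table are assumptions constructed for illustration; PHP 7.1 or later is assumed.

```php
<?php
// Added example: constructed data and hypothetical helper names.

// Small stand-in for a public lookup table: unsalted hash => password.
$commonPasswords = ['123456', 'password', 'letmein', 'qwerty'];
$lookupTable = [];
foreach (['md5', 'sha1'] as $algo) {
    foreach ($commonPasswords as $p) {
        $lookupTable[hash($algo, $p)] = $p;
    }
}

// Store a password as "salt:hash" using a fresh random salt per user.
function store_salted(string $password): string
{
    $salt = bin2hex(random_bytes(16));
    return $salt . ':' . sha1($salt . $password);
}

// Recompute the hash with the stored salt and compare in constant time.
function verify_salted(string $password, string $stored): bool
{
    [$salt, $hash] = explode(':', $stored, 2);
    return hash_equals($hash, sha1($salt . $password));
}

// Two users who chose the same password (constructed sample rows).
$alice = ['md5' => md5('letmein'), 'sha1' => sha1('letmein'),
          'salted' => store_salted('letmein')];
$bob   = ['md5' => md5('letmein'), 'sha1' => sha1('letmein'),
          'salted' => store_salted('letmein')];

// Unsalted: both rows match, and the table maps either hash to the password.
var_dump($alice['md5'] === $bob['md5']);
var_dump($lookupTable[$alice['md5']] ?? null);
var_dump($lookupTable[$alice['sha1']] ?? null);

// Salted: the stored values differ and the hash part is not in the table.
[, $aliceHash] = explode(':', $alice['salted'], 2);
var_dump($alice['salted'] === $bob['salted']);
var_dump(isset($lookupTable[$aliceHash]));

// Login still works because the salt is stored next to the hash.
var_dump(verify_salted('letmein', $alice['salted']));
var_dump(verify_salted('qwerty', $alice['salted']));
```

Current PHP ships `password_hash()` and `password_verify()`, which generate and store a per-password salt themselves and use a deliberately slow algorithm.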