On Tue, Dec 30, 2008 at 9:02 PM, Murray <planetthoughtful@xxxxxxxxx> wrote: > Hi All, > > I've been vaguely aware that more and more effort is going into proving that > MD5 isn't secure anymore, but this article in particular - > http://www.win.tue.nl/hashclash/rogue-ca/ - has me wondering if MD5 is still > safe for storing hashed user passwords? > > I realise that article is talking about a very different use of an attack on > MD5, but I'm curious if other developers are still using MD5, or if another > hashing algorithm is considered better? > > Many thanks for any advice, > > M is for Murray > http://www.ulblog.org > Yeah, it's been proven several years ago (1998 rings a bell for some reason, but I'm not sure) that MD5 has some security vulnerabilities. If I recall correctly, even SHA-1 has had some collision vulnerabilities. I personally use salted SHA-512 hashes for storing my passwords. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
