It's true md5 is very old but is not completely obsolete. Used in
combination with a random salt is still hard to decode.
Maybe i won't use it as encryption for passwords any more but I would
use it for digital signature or data integrity check.
sublimino@xxxxxxxxx wrote:
Whilst reviewing my penetration testing I have noticed that both the
md5 and sha1 hashing algorithms are now considered less secure than
previously thought. Migration to sha256 is encouraged:
http://www.owasp.org/index.php/Cryptography#Algorithm_Selection
Then I found the comment below from:
http://uk3.php.net/manual/en/function.md5.php
http://md5.rednoize.com offers a service to reverse engineer md5
hashes. Very useful if you got a md5 hash and need the plain text
string of this md5 hash. The website has currently over 47 million
hashes stored. It also has support for SHA-1 hashes.
Consequently I shall be updating my authentication class.
Andy
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
