Well, if you're interested in some greater level of security where you
can decrypt, you might want to check out rijndael encryption (a type of
AES). Shane Kretzmann wrote a good rijndael php class that I think is
still on phpclasses.
It can be a bit difficult working with binary passwords, but if you
really need security, it seems like one of the better options.
I've been testing it myself, and the only issue I see is, of course:
keeping the key secret. I've been looking at a few methods, but I'm
always interested in others ideas on that issue.
Regards,
J. Hill
Cristian Vrabie wrote:
It's true md5 is very old but is not completely obsolete. Used in
combination with a random salt is still hard to decode.
Maybe i won't use it as encryption for passwords any more but I would
use it for digital signature or data integrity check.
sublimino@xxxxxxxxx wrote:
Whilst reviewing my penetration testing I have noticed that both the
md5 and sha1 hashing algorithms are now considered less secure than
previously thought. Migration to sha256 is encouraged:
http://www.owasp.org/index.php/Cryptography#Algorithm_Selection
Then I found the comment below from:
http://uk3.php.net/manual/en/function.md5.php
http://md5.rednoize.com offers a service to reverse engineer md5
hashes. Very useful if you got a md5 hash and need the plain text
string of this md5 hash. The website has currently over 47 million
hashes stored. It also has support for SHA-1 hashes.
Consequently I shall be updating my authentication class.
Andy
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
