Whilst reviewing my penetration testing I have noticed that both the md5 and sha1 hashing algorithms are now considered less secure than previously thought. Migration to sha256 is encouraged:
http://www.owasp.org/index.php/Cryptography#Algorithm_Selection Then I found the comment below from: http://uk3.php.net/manual/en/function.md5.php http://md5.rednoize.com offers a service to reverse engineer md5 hashes. Very useful if you got a md5 hash and need the plain text string of this md5 hash. The website has currently over 47 million hashes stored. It also has support for SHA-1 hashes. Consequently I shall be updating my authentication class. Andy -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
