[EMAIL PROTECTED] wrote:
MD5 is a hasing algorithm.. one-way..  really only good for checking known 
values and keeping them 'private', like storing passwords in a database.  That 
way, if someone breaks into your database, they don't get the passwords, only 
the non-reversible MD5 hashes of the passwords.

To check a user's login credentials, you take the database value for password 
and you compare it to md5($password) that the user entered and see if they 
match.

So the fact that MD5 is a well known algorithm doesn't really make a difference 
as far as security goes.
Except for the fact of the growing number of databases that will map the hashes back to the clear text (for example: http://md5.benramsey.com/) Of course it is nice because it is a common implementation, and can be done on the server side, as well as the client side.

Then again, RSA, Blowfish, etc are well known algorithms and are considered at 
least fairly secure too.. and are reversible.

-TG


= = = Original message = = =

Hi,

Does md5 really offer much in terms of protection?

The algorithm is really well known.

I would like to hear your thoughts and poosible alternatives (mcrypt?)

R.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to