[EMAIL PROTECTED] wrote:
MD5 is a hasing algorithm.. one-way.. really only good for checking known
values and keeping them 'private', like storing passwords in a database. That
way, if someone breaks into your database, they don't get the passwords, only
the non-reversible MD5 hashes of the passwords.
To check a user's login credentials, you take the database value for password
and you compare it to md5($password) that the user entered and see if they
match.
So the fact that MD5 is a well known algorithm doesn't really make a difference
as far as security goes.
Except for the fact of the growing number of databases that will map the
hashes back to the clear text (for example: http://md5.benramsey.com/)
Of course it is nice because it is a common implementation, and can be
done on the server side, as well as the client side.
Then again, RSA, Blowfish, etc are well known algorithms and are considered at
least fairly secure too.. and are reversible.
-TG
= = = Original message = = =
Hi,
Does md5 really offer much in terms of protection?
The algorithm is really well known.
I would like to hear your thoughts and poosible alternatives (mcrypt?)
R.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
