md5 produces a non-readable value for the password, thus crypting it.
greenhorn666 wrote:
What the heck do you think you are doing?
Code:
$password = md5($password);
crypting the password? because you are NOT!!!
Need help with a login page problem
- greenhorn666
It does result in a "non-readable value for the password" in some way, while it isn't the password crypted, it is a hash value for the password...
The thing is, in order to encrypt well enough you need to seed your encryption... Hence the crypt() function. You should try a lookup on Google on md5 hash password encryption, and you'll see what security experts think about it... It is indeed harder than a plain text password (while don't forget that the password goes uncrypted over the network), but the point in crypting passwords is to protect your password list (à la /etc/passwd, /etc/shadow) from getting stolen. Using MD5 hash values as passwords isn't securing them; anyone could break them in about hours...
And 2nd point, never should 2 same passwords produce the same encrypted value (hence the salt), and you don't get this with MD5() alone!
I think in this case uppercase were more than welcome, security doesn't come through obscuration and when I see someone coding this I think he has to know he is doing pretty much wrong!
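Added example, not part of the original posts: the salt point raised above (a bare md5() gives two users with the same password the same stored value) shown in PHP, together with a login check that upgrades old MD5 rows. It uses password_hash()/password_verify(), PHP's built-in wrapper around the crypt() function the post mentions; the user names, passwords and the check_login() helper are constructed for illustration.

```php
<?php
// Constructed sample data: two users who picked the same password.
$passwords = ['alice' => 'letmein', 'bob' => 'letmein'];

// 1) Unsalted MD5, as in the quoted snippet. Identical passwords give identical
//    digests, so one recovered digest exposes every account that shares it.
$md5 = array_map('md5', $passwords);
var_dump($md5['alice'] === $md5['bob']);

// 2) Salted, deliberately slow hash. password_hash() draws a random salt per call
//    and stores it, with the algorithm and cost, inside the returned string,
//    so the two stored values differ even though the passwords match.
$salted = array_map(fn($p) => password_hash($p, PASSWORD_DEFAULT), $passwords);
var_dump($salted['alice'] === $salted['bob']);
var_dump(password_verify('letmein', $salted['alice']));

// 3) Hypothetical login check that replaces a legacy MD5 row with a salted hash
//    the first time the user logs in successfully. $stored is passed by reference
//    and stands in for the column value that would be written back to the table.
function check_login(string $password, string &$stored): bool
{
    if (preg_match('/^[0-9a-f]{32}$/', $stored)) {            // legacy unsalted MD5 row
        if (!hash_equals($stored, md5($password))) {          // constant-time compare
            return false;
        }
        $stored = password_hash($password, PASSWORD_DEFAULT); // upgrade the row
        return true;
    }
    if (!password_verify($password, $stored)) {
        return false;
    }
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {   // default cost/algorithm moved on
        $stored = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

$row = md5('letmein');                    // what the old table holds for this user
var_dump(check_login('wrong', $row));     // rejected, row left untouched
var_dump(check_login('letmein', $row));   // accepted, row replaced by a salted hash
var_dump(check_login('letmein', $row));   // second login verifies against the new hash
var_dump($row !== md5('letmein'));        // the MD5 digest is no longer what is stored
```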
