md5

Sairon
Forum Newbie
Posts: 4
Joined: Mon Dec 30, 2002 6:51 pm

md5

Post by Sairon »

I'm planning on using md5 in cookies to keep a connection between the site and client when the client has logged in. My question is if $korv = md5("blabla"); will generate the same output on my server as on another server. Another option I have considered is to encrypt it using mcrypt_encrypt but it looks a bit advanced (I don't need it to be unbreakable, just hard enough to keep most crackers away). I would like a good compromise between security and performance where performance is a bit more preferred than security. Anyway, I don't know a lot about PHP or encrypting so I would be very happy if someone could help me out, and perhaps there are other options which I haven't considered :).
lostboy
Forum Contributor
Posts: 329
Joined: Mon Dec 30, 2002 8:12 pm
Location: toronto,canada

why not use sessions?

Post by lostboy »

Sessions automatically place a cookie on the client for the duration of the session and a small file on the server to hold the session id and any session variable that you feel you need... therefore no need to pass the cookie/data to the client or encrypt it...

hth
laserlight
Forum Commoner
Posts: 28
Joined: Wed Jan 01, 2003 6:41 am

Post by laserlight »

If you are not using sessions, then it probably depends on how you implement the system.

md5() computes a hash of the data, in this case the password.
This makes it computationally infeasible for someone to take a look at the cookie's contents and get the password, or to get the original password if that person gains access to, say, the database where you store the password's hash.
hob_goblin
Forum Regular
Posts: 978
Joined: Sun Apr 28, 2002 9:53 pm

Post by hob_goblin »

md5'ing a certain string will always produce the same output, no matter what server it is on.
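
Added example, not part of any post in this thread: it shows that md5() is deterministic, so a cookie built only from md5() of a fixed string is the same value at every login, and contrasts that with a random per-login token looked up in server-side state, which is the model behind the session suggestion above. It assumes PHP 7.1 or later; the function names, the in-memory `$tokenStore` array and the user name `alice` are hypothetical stand-ins for a real session or database.

```php
<?php
// Added illustration; all names are hypothetical, not from the thread.

// md5() is a pure function of its input bytes: the same string hashes to the
// same 32 hex characters on every server.
$cookieA = md5("blabla");
$cookieB = md5("blabla");
var_dump($cookieA === $cookieB);

// Consequence: a cookie holding md5(password) never changes between logins,
// so a copied cookie stays valid until the password itself changes.

// Server-side token store, standing in for the session file on the server.
// Constructed in-memory array; a real site would use $_SESSION or a database.
$tokenStore = [];

function issue_login_token(array &$store, string $username): string
{
    $token = bin2hex(random_bytes(32));   // 256 bits from the OS CSPRNG
    // Keep only a hash of the token, so a leaked store does not yield usable cookies.
    $store[hash('sha256', $token)] = ['user' => $username, 'expires' => time() + 3600];
    return $token;                        // this value goes into the cookie
}

function user_for_token(array $store, string $token): ?string
{
    $key = hash('sha256', $token);
    if (!isset($store[$key]) || $store[$key]['expires'] < time()) {
        return null;                      // unknown or expired token
    }
    return $store[$key]['user'];
}

function revoke_login_token(array &$store, string $token): void
{
    unset($store[hash('sha256', $token)]);   // logout invalidates the cookie value
}

$first  = issue_login_token($tokenStore, 'alice');
$second = issue_login_token($tokenStore, 'alice');
var_dump($first === $second);                     // two logins, two different cookie values
var_dump(user_for_token($tokenStore, $first));    // token resolves to its user
revoke_login_token($tokenStore, $first);
var_dump(user_for_token($tokenStore, $first));    // revoked token no longer resolves
var_dump(user_for_token($tokenStore, str_repeat('0', 64)));  // never-issued value is rejected
```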