Page 1 of 1

md5

Posted: Mon Dec 30, 2002 6:51 pm
by Sairon
I'm planning on using md5 in cookies to keep an connection between the site and client when the client has loged in. My question is if $korv = md5("blabla"); will generate the same output on my server as on another server. Another option I have considered is to encrypt it using mcrypt_encrypt but it looks a bit advanced (I don't need it to be unbreakable, just hard enough to keep most crackers away). I would like a good compromise between security and performance where performance is a bit more prefered than security. Anyway, I don't know a lot about php or encrypting so I would be very happy if someone could help me out, and perhaps there are other options which I haven't considered :).

why not use sessions?

Posted: Mon Dec 30, 2002 8:23 pm
by lostboy
sessions automatically place a cookie on the client for the duration of the session and a small file on the server to hold the session id and any session variable that you feel you need...therefore no need to pass the cookie/data to the client or encrypt it...

hth

Posted: Wed Jan 01, 2003 6:41 am
by laserlight
If you are not using sessions, then it probably depends on how you implement the system.

md5() computes a hash of the data, in this case the password.
This makes it computationally infeasible for someone to take a look at the cookie's contents and get the password, or to get the original password if that person gains access to say the database where you store the password's hash.

Posted: Wed Jan 01, 2003 9:37 pm
by hob_goblin
md5'ing a certain string will always produce the same output, no matter what server it is on.