md5() usage ? when it can be reversed ?
-
keenlearner
- Forum Commoner
- Posts: 50
- Joined: Sun Dec 03, 2006 7:19 am
I have come across a very good login tutorial, but I am not sure why, when we want to store a user's password in the database, we have to hash the password using the function md5() and store that, instead of storing the real password in the database. I thought md5 values can be reversed to get the real password. So what is the use of the md5() function exactly? Can anyone clarify this for me? Thank you.
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
It cannot be reversed. That is its benefit. You have to compare the hashed form of the submitted password to the stored hash.
If your database is compromised somehow, which is quite possible often, you do not want your users' passwords to be in the wild so easily, so you hash them. Preferably you hash them with at least a one-time pad, possibly adding a static pad for extra entropy.
And before you attempt to think "if hashing once is good, hashing twice must be AWESOME!!!11!" you would be wrong. In truth, it's less secure when hashed twice.
-
keenlearner
- Forum Commoner
- Posts: 50
- Joined: Sun Dec 03, 2006 7:19 am
Thanks for your reply, I mean we actually can determine the real password from the hash code, such as this website http://md5.benramsey.com/
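Why a lookup site like the one linked above can return a password without reversing MD5, and what a per-user random salt changes, shown as an added example that is not part of the original thread. The helper names and the candidate list are constructed for illustration, and the closing `password_hash()` lines go beyond the thread to show PHP's built-in salted, deliberately slow alternative.

```php
<?php
// Added example: helper names and sample data are constructed, not from the thread.

// A lookup site is a large precomputed table of md5(candidate) => candidate.
function build_lookup_table(array $candidates): array {
    $table = [];
    foreach ($candidates as $word) {
        $table[md5($word)] = $word;
    }
    return $table;
}

// Store a random per-user salt next to the hash of salt . password.
function make_salted_record(string $password): array {
    $salt = bin2hex(random_bytes(16));
    return ['salt' => $salt, 'hash' => md5($salt . $password)];
}

// Login check: recompute with the stored salt and compare. Nothing is reversed.
function verify_salted(string $submitted, array $record): bool {
    return hash_equals($record['hash'], md5($record['salt'] . $submitted));
}

// Constructed list standing in for the site's database of common passwords.
$table = build_lookup_table(['123456', 'password', 'letmein', 'qwerty']);

// Unsalted: the stored value is itself a key in the table, so a plain
// array lookup returns the password. MD5 was matched, not inverted.
$unsalted = md5('letmein');
var_dump($table[$unsalted] ?? null);

// Salted: same password, but the stored hash is not a key in the table,
// so the precomputed lookup finds nothing.
$record = make_salted_record('letmein');
var_dump($table[$record['hash']] ?? null);

// The application can still verify logins because it knows the salt.
var_dump(verify_salted('letmein', $record));
var_dump(verify_salted('qwerty', $record));

// A second user with the same password gets a different stored hash.
var_dump(make_salted_record('letmein')['hash'] === $record['hash']);

// Beyond the thread: password_hash() generates the salt itself and uses a
// slow algorithm, which also raises the cost of guessing one user at a time.
$stored = password_hash('letmein', PASSWORD_DEFAULT);
var_dump(password_verify('letmein', $stored));
```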
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
Here is one of the more recent threads on the subject of hashing. It brings most of the issues into a consolidated group.
viewtopic.php?t=62782