Posted: Mon Jan 22, 2007 12:18 pm
by feyd
As long as you're using decent salts, I have no major problem with people continuing to use md5() or sha1() for a while longer. However, as computer processing power becomes more and more powerful, I would suggest moving away from the more collision-prone hashes to larger hashes. Equally, the more secure a site should be, the larger a hash you should be going for.
And of course, never ever ever double hash.
Posted: Mon Jan 22, 2007 12:31 pm
by shiznatix
feyd wrote: And of course, never ever ever double hash.
I'm gonna do it just to spite you

Posted: Mon Jan 22, 2007 12:40 pm
by Kieran Huggins
Sounds like a McDonald's breakfast upgrade...
Posted: Mon Jan 22, 2007 12:45 pm
by Luke
feyd wrote: And of course, never ever ever double hash.
Thanks for that feyd... I remember doing that a while back... because to me it seemed logical.

Posted: Mon Jan 22, 2007 12:49 pm
by Kieran Huggins
What's the danger in a double hash?
I presume you mean hash(hash($something))
Posted: Mon Jan 22, 2007 1:06 pm
by Mordred
Or here it is as a nursery rhyme (better fit for newbie developers, eh) (last word is stressed)
Never-never ever-ever double-double
hash!
Posted: Mon Jan 22, 2007 1:07 pm
by Luke
I'm assuming it has something to do with the fact that a hash has fewer available characters so it's easier to predict or something? feyd... help me out here.

Posted: Mon Jan 22, 2007 1:30 pm
by feyd
Posted: Mon Jan 22, 2007 2:50 pm
by Kieran Huggins
feyd wrote: ...I'd rather not rehash...
Isn't that what we're talking about already? rehashing?
Thanks for the links - I got it now
