Hi !
generally no of course :) nobody can't :) But there is some strange magic in that 3 symbols - MD5 :) Everybody trying to ise it in all possible and impossible places and beleive that more md5==more protection :) Whereas:
using md5 on client side and sending accross network passwors in md5 == storing not crypted plan text passwords in DB
It is easy to understand why (but for example i am lost too much time before understanding :)
paranoid authentication system :) Criticize needed.
Moderator: General Moderators
Hi Polar,
I just wanted to say that I hear what you're getting at about everybody thinking that md5 is this magic thing. By itself, it's good, but what we realize is that by itself, it's not enough. But don't throw the baby out with the bath water. There are a lot of things that need to be done in conjunction with the use of md5. The amount of thought that you've put into the system as a whole is impressive! On the other hand, all i've done is focus squarely on login security and an alternative to PHP's built in sessions.
So, you are more than 100% correct when you say that md5 is thought of too highly. It's just a start. It must be part of a system as a whole.
Later on,
BDKR
I just wanted to say that I hear what you're getting at about everybody thinking that md5 is this magic thing. By itself, it's good, but what we realize is that by itself, it's not enough. But don't throw the baby out with the bath water. There are a lot of things that need to be done in conjunction with the use of md5. The amount of thought that you've put into the system as a whole is impressive! On the other hand, all i've done is focus squarely on login security and an alternative to PHP's built in sessions.
So, you are more than 100% correct when you say that md5 is thought of too highly. It's just a start. It must be part of a system as a whole.
Later on,
BDKR
- hob_goblin
- Forum Regular
- Posts: 978
- Joined: Sun Apr 28, 2002 9:53 pm
- Contact:
It's most correct to say that md5 is a hashing algorthm. Not encryption. Things like md5, sha1, sha2, and haval are great for hashing. If you are so interested, check out this page.hob_goblin wrote:also, md5 is just a simple way to encrypt, we could all use crypt() or other functions to do it... but md5 seems the most popular
http://www.mirrors.wiretapped.net/secu ... y/hashes/
Of course, this is all in C, but it's interesting to look at it. Not having to define vars in php sure is nice.
Later on,
BDKR
Hi all!
Just want to say that beta 0.96 is available for downloading from http://polar-lights.com/hackerhunter/ and for looking inside
Just want to say that beta 0.96 is available for downloading from http://polar-lights.com/hackerhunter/ and for looking inside