'Best' hash function?

[Stooney]

With md5 compromised and sha1 following close behind, which hashing function(s) would you guys consider the most reliable (in terms of lasting as long as possible before it's not considered secure enough to use)?

 

I'm considering either sha256 or sha512, any others that are worth considering?

 

Edit:  this is for storing user passwords in a mysql database.  And come to think of it this has nothing to do with php. 

[corbin]

How is md5 compromised?

 

 

Collisions can be created on purpose, even to make two things look the same...  Could be malicious.

 

Hash tables?  That can be done with anything.  Only takes time.  Salting = ;p.

 

[Stooney]

Collisions are easier to find with md5 hashes because the algorithm only makes one pass over the data.  Also, there's a number of rainbow tables available for a reverse md5 hash lookup.  I keep reading everywhere that it should be avoided.

 

I've also read that sha-1 is close to sharing the same fate.  Now that computers are getting faster it's getting easier to find collisions with sha1 hashes (right now it still take a $30m machine to do it a reasonable time frame, but just give it a few years). 

 

So that leaves me considering sha-2.  I'm just curious if there's any others I haven't heard of that are as good as or better than sha-2.

[genericnumber1]

as he said, just salt md5... it's what most people do with a good enough salt, it won't be in any rainbow table.

[corbin]

Collisions are [essentially] harmless with passwords.

 

 

 

Hash tables....

 

 

Making hashes that are very unlikely to be in hash tables is easy.

 

 

[Mchl]

See hash() function for some two dozens of hashing algorithms. I think that even if you're afraid of MD5, then well salted SHA1 should suffice for some time.