nickk Posted March 22, 2010 Share Posted March 22, 2010 Hi, I remember hearing that MD5 isn't extremely secure (when used to hash passwords stored in the DB). Whats the general consensus now? Is sha1 + salt sufficient? Thanks Quote Link to comment https://forums.phpfreaks.com/topic/196113-whats-the-general-consensus-on-password-hashing/ Share on other sites More sharing options...
Psycho Posted March 22, 2010 Share Posted March 22, 2010 There have been numerous posts on this issue in the past. Just search if you are interested in reading them. THe bottom line is that MD5() is perfectly fine for password hashing - just use a salt, just like you would for any other algorithym. Those who state that MD5() has been "cracked" do so based upon the existence of rainbow (i.e. lookup/dictionary) tables. Anyone can create a table of hashed values using any algorithym for known values. That is why it is important for users to use "strong" passwords. The more complex a password becomes, the probability that the value is NOT in a lookup table raises exponentially. Quote Link to comment https://forums.phpfreaks.com/topic/196113-whats-the-general-consensus-on-password-hashing/#findComment-1029960 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.