Jump to content

Recommended Posts

sha1/md5 is not encryption, it's a hashing system.

 

Hashing systems work great for passwords and such because you cant reverse it to get the original.

Security is dependent on your script against various attacks.

 

I can store my passwords in plain text, and still be secure. But I have to know a few things about it's usage environment.

1) Dedicated Server

2) Limited Remote MySQL logins (Sometimes I add remote admin users to the MySQL server)

3) I santize/validate external data that gets put into the database

 

Just because a password is encrypted/hashed does not mean secure.

 

Link to comment
https://forums.phpfreaks.com/topic/255208-password-encrypting/#findComment-1308511
Share on other sites

Yeah, but passwords can be harder to get back to its origional state than others.

 

I can decrypt a MD5 hash in seconds, so MD5 isn't too good to use on its own.

 

I know the security is about your other things, but I want to know if it's a good way to hash a password for extra security.

Link to comment
https://forums.phpfreaks.com/topic/255208-password-encrypting/#findComment-1308515
Share on other sites

It provides no real extra security, if you have issues of ppl getting the hash, than thats more of a security leak.

As I said, I can store all sorts of sensitive information in plain text, as long as I was fairly positive that my script handle the security of external data coming in was sanitized properly.

Or that data was going to be handled by non privlidged class users, than I would store data encrypted/hashed.

 

My point was that if you think that md5/sha1 provides security, it doesnt, your script provides security, md5/sha1 just provides a quick check of data without exposing the plain text data

Link to comment
https://forums.phpfreaks.com/topic/255208-password-encrypting/#findComment-1309586
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.