Jump to content

[SOLVED] MD5 Broken?

notepad

By notepad
in PHP Coding Help

 Share

Recommended Posts

notepad Member

notepad

Posted
Posted

Hmm... I just read the MD5 entry on Wikipedia, and it says MD5 is broken and collisions happen.  I always thought the MD5 was fine, until I read this... So now I wan't to upgrade.  On Wikipedia it talked about SHA-1, so I read about it, but it is broken also.  It said that SHA512 is still fine, and hasn't been broken yet... But I can't find any SHA512 PHP function anywhere, I looked on Yahoo and Google -- Nothing.  Does PHP not support SHA512 yet?

 

http://en.wikipedia.org/wiki/MD5

 

Also, once I upgrade to SHA512 (if I can with PHP), what should I modify my database to?  Currently my password field is set for "varchar(32) default NULL", what would be the proper setting for the SHA512 function?

 

Thanks!

Link to comment
Share on other sites
btherl Member

btherl

Posted
Posted

What is your application?  Authenticating files or obfuscating passwords?

 

The attack described in the article demonstrates that MD5 cannot effectively authenticate files, but it doesn't show any weakness in MD5 as used for obfuscating passwords.

Link to comment
Share on other sites
notepad Member

notepad

Posted
  • Author
Posted

So md5 is not secure anymore?

 

Not sure... Thats what I'm trying to find-out.

 

What is your application?  Authenticating files or obfuscating passwords?

 

The attack described in the article demonstrates that MD5 cannot effectively authenticate files, but it doesn't show any weakness in MD5 as used for obfuscating passwords.

 

I am writing a PHP login script, and have been using it for that.

Link to comment
Share on other sites
btherl Member

btherl

Posted
Posted

Then you've got no problem, as long as you use a salt to avoid the "rainbow table" method described in the wikipedia article.  The attack described in wikipedia is for the situation where you are using an MD5 hash to verify a file, and someone is attempting to create a different file with the same MD5 hash.

Link to comment
Share on other sites
mmarif4u Regular Member

mmarif4u

Posted
Posted

Last night my research on Md5 is come over,

I get some points, that md5 is not broken.

It is still secure hash.

Secondly i will come to notepad ur SHA512 hash, PHP 5 and above support this hash.

 

If u have php 5 and above installed then just try this code and u will see it is in php.

 

<?php
print_r(hash_algos());
?>

 

but remember it is 128 character string so u have to change ur field length to char(128).

 

other u can use md5 still for ur login scripts.

Other info i wana to share with u guys,

Hashes are design to _not_ be reversible. If you want something reversible, you need to look into encryption.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.