Incase you didnt know md5 isnt secure

    This site uses cookies. By continuing to browse this site, you are agreeing to our Cookie Policy.

    • RE: Incase you didnt know md5 isnt secure

      Is there another site w/o popups?
      Mr.Mike
      Author, Programmer, Brewer, Patriot
    • I didnt get any popups and... it doesnt really matter wether or not its got em... The point is i could pull an md5 hash from my database somewhere put it in the little script they have and poof my password pops out. It was bound to happen eventually.
      - Brian Wight
    • Are you trying to say that we should not use MD5 or that if you use MD5 you can get my password if I put it in? In the later case you could simply record it before hashing it.

      These sort of attacks only work if you don't use a salt. The use of a salt means that these lookups are invalid (you should not use a global salt but rather a different salt for each password). If you want an even stronger hash then apply the MD5 algorithm twice. Possibly using a different salt each time (one could be global - preferably the first applied).

      The creation of hash collisions to give two items with the same hash is different and a real problem for document/file verification. This is the problem most cryptographers mean when they talk about the vulnerability of the algorithm.
      Gamma Testing - Where testing is extended to the full user community (AKA Shipping the Program)