: Is the php method md5() secure? Can it be used for passwords? So executing a php script causes the form values to be sent to the server, and then they are processed. If you want to store
So executing a php script causes the form values to be sent to the server, and then they are processed.
If you want to store a password in your db than you want it to be a cryptographic hash(so your client side is secure, can you generate an md5 using php securely( without submitting the user:password pair in the clear), or is there an alternative standard method of doing this, without having the unecrypted pasword leaving the clients machine?
Sorry if this is a stupid question I'm kind of new at this.
I think this can be done somehow using https, and on that note if a site's login page does not use https, does that mean that while the databse storage is secure, the transportation is not?
More posts by @Ogunnowo487
1 Comments
Sorted by latest first Latest Oldest Best
The PHP function MD5() is secure. But using MD5() for hashing passwords is not secure. Hackers have created rainbow tables which are MD5 hashes of all passwords up to 12 characters in length. So instead of having to try to "crack" a hash they only need to do a quick SQL query and it's broken.
That's why you should be using stronger hash algorithms like SHA256 or SHA512 with a salt. Or, better yet, use bcrypt which is intentionally slow which makes brute force attempts to break a password impractical.
Or, better yet, use a tried and true solution. Try Openwall's phpass. It's used by Wordpress, Drupal, and more.
FYI, SSL only encrypts the transmission of information over HTTP. It doesn't hash or encrypt anything permanently.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.