06-28-2005, 05:00 PM   #6
jiminoc
If you're going to MD5, also remember to use a SALT, and keep the salt above the webroot if you can.
$salt = 'pHpi$fUn99'; // single quotes, so PHP does not expand $fUn99 as a variable
like $secretHash = md5($string.$salt);

md5 can be brute forced with dictionary attacks with pretty good success... like if your user uses the password "home", someone could crack your passwords fairly easily. If you add a salt, the chances of them guessing the password PLUS the salt are pretty darn slim.

And as the other user stated above, MD5 is one way, so you can only do if(md5($string) === md5($string2))
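The salted-MD5 scheme from the post above, as an added PHP example that is not part of the original post: it checks a constructed wordlist against unsalted and salted hashes of "home", verifies a login by re-hashing, and goes one step further by contrasting the shared salt with PHP's built-in password_hash(), which salts each password separately. Only the salt value comes from the post; the wordlist and function names are assumptions.

```php
<?php
// Added illustration. The salt is the value from the post; all other data is constructed.
$salt = 'pHpi$fUn99'; // single quotes: no variable interpolation

// Constructed sample: a small wordlist precomputed as md5(word) => word,
// the kind of lookup table a dictionary attack relies on.
$lookup = [];
foreach (['home', 'password', 'letmein', 'dragon'] as $word) {
    $lookup[md5($word)] = $word;
}

function hashUnsalted(string $password): string
{
    return md5($password);
}

function hashSalted(string $password, string $salt): string
{
    return md5($password . $salt); // same construction as the post
}

// MD5 is one way, so a login check re-hashes the submitted value and
// compares digests; hash_equals() compares in constant time.
function verifySalted(string $submitted, string $stored, string $salt): bool
{
    return hash_equals($stored, hashSalted($submitted, $salt));
}

$storedUnsalted = hashUnsalted('home');
$storedSalted   = hashSalted('home', $salt);

printf("unsalted hash found in wordlist table: %s\n",
    isset($lookup[$storedUnsalted]) ? 'yes' : 'no');
printf("salted hash found in wordlist table:   %s\n",
    isset($lookup[$storedSalted]) ? 'yes' : 'no');
printf("correct password verifies:             %s\n",
    verifySalted('home', $storedSalted, $salt) ? 'yes' : 'no');
printf("wrong password verifies:               %s\n",
    verifySalted('house', $storedSalted, $salt) ? 'yes' : 'no');

// With one shared salt, two users who pick the same password get the same hash.
printf("shared salt, same password, same hash: %s\n",
    hashSalted('home', $salt) === hashSalted('home', $salt) ? 'yes' : 'no');

// password_hash() generates a fresh salt per call and stores it in the output,
// so equal passwords produce different hashes that password_verify() still accepts.
$a = password_hash('home', PASSWORD_DEFAULT);
$b = password_hash('home', PASSWORD_DEFAULT);
printf("password_hash, same password, same hash: %s\n", $a === $b ? 'yes' : 'no');
printf("password_verify accepts both:            %s\n",
    password_verify('home', $a) && password_verify('home', $b) ? 'yes' : 'no');
```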