I've seen md5() suggested a lot when it comes to password encryption, but
I'm wondering what the advantage is over using crypt(). Or is it just
personal preference?
- Ryan
"Ryan Lange" <cl*********@comcast.net> wrote
in message <op**************@www.cl1mh4224rd.com>:
> I've seen md5() suggested a lot when it comes to password encryption,
No, you didn't. MD5 is not an encryption algorithm, it is a
hashing algorithm. Data processed by MD5 cannot be "decrypted",
unless some brute force approach is used.
Cheers,
NC
Ryan Lange wrote:
> I've seen md5() suggested a lot when it comes to password encryption, but I'm wondering what the advantage is over using crypt(). Or is it just personal preference?

As Nikolai says, md5 isn't a crypt but a hash algorithm.
crypt() works in the same way as md5(), one-way algorithms (hash); while md5()
only supports the md5 algorithm, crypt() supports DES, MD5 and Blowfish (of
course depending on the system PHP is built on).
The disadvantage of using crypt() is that the system you are developing the PHP
scripts on may support DES while the machine which you later on run the scripts
on may not support DES, and then your scripts won't work properly. Otherwise
the two functions are quite the same.
//Aho
I answer this on comp.lang.php only.
On 2004-05-31, Ryan Lange <cl*********@comcast.net> wrote:
> I've seen md5() suggested a lot when it comes to password encryption, but I'm wondering what the advantage is over using crypt(). Or is it just personal preference?

md5() could encrypt password of an finite length, crypt() only up to 8 chars if
I remember correctly.
Bye,
phil
--
Please send replies (not followups) to the address set in Reply-To.
Philipp Kern - PK2186-RIPE - http://www.philkern.de
On 31 May 2004 02:04:38 -0700, Nikolai Chuvakhin <nc@iname.com> wrote:
> No, you didn't. MD5 is not an encryption algorithm, it is a hashing algorithm.

Damnit. You know what I mean... :P
- Ryan
I answer this on comp.lang.php only.
On 2004-05-31, Ryan Lange <cl*********@comcast.net> wrote:
> I've seen md5() suggested a lot when it comes to password encryption, but I'm wondering what the advantage is over using crypt(). Or is it just personal preference?

md5() could hash passwords of an finite length, crypt() only up to 8 chars if
I remember correctly.
Bye,
phil
--
Please send replies (not followups) to the address set in Reply-To.
Philipp Kern - PK2186-RIPE - http://www.philkern.de
"Ryan Lange" <cl*********@comcast.net> wrote
in message news:<op**************@www.cl1mh4224rd.com>...
> On 31 May 2004 02:04:38 -0700, Nikolai Chuvakhin <nc@iname.com> wrote:
>> MD5 is not an encryption algorithm, it is a hashing algorithm.
> Damnit. You know what I mean... :P

Then you know the answer to your question, too; storing passwords
as MD5 hashes ensures that if they are stolen by individuals who
have access to password storage, be they hackers or rogue system
administrators, those individuals cannot use them. Compare with
encryption, where rogue sysadmins can run unchecked...
Cheers,
NC
On 2004-06-01, Nikolai Chuvakhin <nc@iname.com> wrote:
> Then you know the answer to your question, too; storing passwords as MD5 hashes ensures that if they are stolen by individuals who have access to password storage, be they hackers or rogue system administrators, those individuals cannot use them.

But they could still crack them. The advantage of crypt() is then
that the password could be longer than passwords crypted with the
standard DES algorithm in UNIX password files.
crypt() is quite easy to crack, especially when the same salts
are used everywhere. Just a matter of time and the power of the
machine the attacker uses.
Bye,
phil
--
Please send replies (not followups) to the address set in Reply-To.
Philipp Kern - PK2186-RIPE - http://www.philkern.de
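
Added example, not part of any post in this thread: a PHP script that exercises the behaviours the posters discuss (unsalted md5(), crypt()'s algorithm selection by salt format, the 8-character limit of traditional DES, and the effect of salts). The passwords and salts are constructed sample values, check_password() is a hypothetical helper name, and the closing password_hash() lines go beyond the thread to show PHP's current built-in API.

```php
<?php
// Added example. All passwords and salts are constructed sample values.

// Which crypt() algorithms this PHP build reports (1 = available).
printf("DES=%d MD5=%d Blowfish=%d\n", CRYPT_STD_DES, CRYPT_MD5, CRYPT_BLOWFISH);

// md5() takes no salt: two users with the same password get the same digest,
// so one precomputed lookup covers every matching row in a stolen table.
$rows = ['alice' => md5('summer2004'), 'bob' => md5('summer2004')];
echo "md5 digests identical: ", var_export($rows['alice'] === $rows['bob'], true), "\n";

// A two-character salt selects traditional DES crypt(), which reads only
// the first 8 characters of the password.
$a = crypt('password', 'ab');
$b = crypt('password-and-a-long-tail', 'ab');
echo "DES ignores chars past 8: ", var_export($a === $b, true), "\n";

// Same password, different salt: the stored strings differ, which is why
// reusing one salt for every user throws the benefit away.
$differs = crypt('password', 'ab') !== crypt('password', 'cd');
echo "salt changes the hash: ", var_export($differs, true), "\n";

// A "$1$" prefix selects MD5-based crypt(), which uses the whole password.
$m1 = crypt('password', '$1$examplsa$');
$m2 = crypt('password-and-a-long-tail', '$1$examplsa$');
echo "MD5 crypt uses full length: ", var_export($m1 !== $m2, true), "\n";

// Verification: crypt() reads the algorithm and salt back out of the stored
// hash, and hash_equals() compares in constant time.
// check_password() is a hypothetical helper for this example.
function check_password(string $input, string $stored): bool
{
    return hash_equals($stored, crypt($input, $stored));
}
var_dump(check_password('password-and-a-long-tail', $m2));
var_dump(check_password('wrong-guess', $m2));

// Beyond the thread: password_hash() (PHP 5.5+) picks the algorithm, a random
// per-password salt and a work factor, and stores all three in the result.
$stored = password_hash('summer2004', PASSWORD_DEFAULT);
var_dump(password_verify('summer2004', $stored));
```
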