View previous topic :: View next topic |
Author |
Message |
cmxflash -
Joined: 11 Dec 2004 Posts: 872
|
Posted: Mon Aug 08, 2005 8:13 am Post subject: MD5 or SHA1? |
|
|
Okay, so I'm about to rebuild my console (http://cmx.winxtreme.se/console).
This time with cookies instead of saving the password in the source with a hidden input (noobie, I know).
So anyway, I'm going to use either MD5 or SHA1.
Which one is the most secure?
Edit:
Nevermind, I use MD5 now. Works great. It's impossible to steal the password if you have signed out. |
|
Back to top |
|
|
Anonymoose -
Joined: 09 Sep 2003 Posts: 2192
|
Posted: Mon Aug 08, 2005 9:05 am Post subject: |
|
|
For reference, both MD5 and SHA1 are open to 'collision' attacks, where the hash of 2 different inputs may end up with the same - but in terms of someone making an attack on your personal server, rather than say the NSA and all their computing power attempting to break the hash to access critical encrypted files, neither is realistically achievable in a short time frame. Of the two, SHA1 is considered slightly less broken than MD5.
This site has a good discussion and examples of MD5 collision attacks in action...
http://www.cits.rub.de/MD5Collisions/ _________________
"Invent an idiot proof webserver and they'll invent a better idiot..." |
|
Back to top |
|
|
cmxflash -
Joined: 11 Dec 2004 Posts: 872
|
Posted: Mon Aug 08, 2005 6:09 pm Post subject: |
|
|
I'll just use both :)
Code: | $password = "some password";
$password = md5($password);
$password = sha1($password); |
|
|
Back to top |
|
|
k1ll3rdr4g0n -
Joined: 04 Jul 2004 Posts: 609
|
Posted: Mon Aug 08, 2005 9:55 pm Post subject: |
|
|
cmxflash wrote: | I'll just use both :)
Code: | $password = "some password";
$password = md5($password);
$password = sha1($password); |
|
You could do what Abyss does use base64 and md5. Or reverse the string and md5 it, I've seen that in one of my scripts. _________________
|
|
Back to top |
|
|
TRUSTAbyss -
Joined: 29 Oct 2003 Posts: 3752 Location: USA, GA
|
Posted: Mon Aug 08, 2005 10:43 pm Post subject: |
|
|
You can get even more crazy and use md5 + gzinflate + sha1 + base64 and
your guranteed that no one will break such an encryption , isn't that better ?
I haven't tried it but it may turn out to look Alien lol. |
|
Back to top |
|
|
|