MD5 or SHA1?

 
cmxflash
Joined: 11 Dec 2004
Posts: 872

Posted: Mon Aug 08, 2005 8:13 am    Post subject: MD5 or SHA1?

Okay, so I'm about to rebuild my console (http://cmx.winxtreme.se/console).

This time with cookies instead of saving the password in the source with a hidden input (noobie, I know).

So anyway, I'm going to use either MD5 or SHA1.
Which one is the most secure?

Edit:

Never mind, I use MD5 now. Works great. It's impossible to steal the password if you have signed out.
Anonymoose
Joined: 09 Sep 2003
Posts: 2192

Posted: Mon Aug 08, 2005 9:05 am    Post subject:

For reference, both MD5 and SHA1 are open to 'collision' attacks, where the hash of 2 different inputs may end up with the same - but in terms of someone making an attack on your personal server, rather than say the NSA and all their computing power attempting to break the hash to access critical encrypted files, neither is realistically achievable in a short time frame. Of the two, SHA1 is considered slightly less broken than MD5.

This site has a good discussion and examples of MD5 collision attacks in action...

http://www.cits.rub.de/MD5Collisions/
_________________

"Invent an idiot proof webserver and they'll invent a better idiot..."
cmxflash
Joined: 11 Dec 2004
Posts: 872

Posted: Mon Aug 08, 2005 6:09 pm    Post subject:

I'll just use both :)

Code:
$password = "some password";
$password = md5($password);
$password = sha1($password);
k1ll3rdr4g0n
Joined: 04 Jul 2004
Posts: 609

Posted: Mon Aug 08, 2005 9:55 pm    Post subject:

cmxflash wrote:
I'll just use both :)

Code:
$password = "some password";
$password = md5($password);
$password = sha1($password);


You could do what Abyss does: use base64 and md5. Or reverse the string and md5 it; I've seen that in one of my scripts.
TRUSTAbyss
Joined: 29 Oct 2003
Posts: 3752
Location: USA, GA

Posted: Mon Aug 08, 2005 10:43 pm    Post subject:

You can get even more crazy and use md5 + gzinflate + sha1 + base64 and
you're guaranteed that no one will break such an encryption, isn't that better?

I haven't tried it but it may turn out to look Alien lol.
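
Added example, not part of the original thread and not code from any poster or from Abyss: the chained md5/sha1 scheme discussed above next to PHP's built-in salted password API, plus a random session token for the cookie so that nothing derived from the password is sent to the browser. Function names and sample values are hypothetical, and PHP 7.1 or later is assumed.

```php
<?php
// Added example; function names and sample values are constructed.

// The chained scheme from the thread: fast and unsalted.
function chained_hash(string $password): string
{
    return sha1(md5($password));
}

// Salted, deliberately slow hashing with PHP's built-in password API.
function store_password(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Verify a login attempt; upgrade the stored hash when the defaults change.
function check_login(string $password, string &$storedHash): bool
{
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT)) {
        $storedHash = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// Cookie value: a random token that says nothing about the password.
// The server keeps only a hash of it and compares in constant time.
function new_session_token(): array
{
    $token = bin2hex(random_bytes(32));       // goes in the cookie
    return [$token, hash('sha256', $token)];  // [cookie value, server-side record]
}

function token_matches(string $cookieValue, string $record): bool
{
    return hash_equals($record, hash('sha256', $cookieValue));
}

$pw = 'some password'; // sample value used in the thread
var_dump(chained_hash($pw) === chained_hash($pw));     // no salt: identical every time
var_dump(store_password($pw) === store_password($pw)); // random salt: differs per call

$stored = store_password($pw);
var_dump(check_login($pw, $stored), check_login('wrong guess', $stored));

[$cookie, $record] = new_session_token();
var_dump(token_matches($cookie, $record), token_matches('forged', $record));
```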
All times are GMT + 1 Hour