http://www.brandnoo.com/2007/06/20/some-ideas-for-securing-your-users-passwords-in-a-database/ Ramblings about geek culture and web development Fri, 05 Dec 2008 08:48:45 +0000 http://wordpress.org/?v=2.6.3 http://www.brandnoo.com/2007/06/20/some-ideas-for-securing-your-users-passwords-in-a-database/#comment-62 Patrik Thu, 10 Apr 2008 19:46:44 +0000 http://www.brandnoo.com/2007/06/20/some-ideas-for-securing-your-users-passwords-in-a-database/#comment-62 It's a bit late I know, but I was going through your posts and found this one. Without being too much of a nitpick I'd like to remark upon the fact that md5 doesn't really "encrypt" the data passed to it, but rather "hashes" it. The data is really being scrambled into an unrecognizable mess. Also, iirc the md5 algorithm has been broken, which means that there indeed would be a way to derive the original data, from the output. Another algorithm SHA1 (Secure Hash Algorithm) is probably your best bet, being both widespread and has, as of yet to the best of my knowledge, not been broken. Other than that, good post :) Cheers, Patrik It’s a bit late I know, but I was going through your posts and found this one. Without being too much of a nitpick I’d like to remark upon the fact that md5 doesn’t really “encrypt” the data passed to it, but rather “hashes” it. The data is really being scrambled into an unrecognizable mess.
Also, iirc the md5 algorithm has been broken, which means that there indeed would be a way to derive the original data, from the output.
Another algorithm SHA1 (Secure Hash Algorithm) is probably your best bet, being both widespread and has, as of yet to the best of my knowledge, not been broken.
Other than that, good post
Cheers, Patrik

]]>