Oct 17

Your secret is safe with me

In the team meeting the design for a new password database is discussed. It is suggested to use md5() for storing password data. What do you say?

A: OK, md5() is fine for hashing passwords.
B: We can't use MD5 password hashes because they can easily be decoded.
C: As long as we don't use crypt(); that function is system dependent.
D: We select a stronger hashing method using either crypt() or hash().

Answer

It is not OK to use md5() hashes for securing passwords. MD5 is a very fast hashing algorithm and not very collision resistant, two properties that are very helpful when trying to compromise an MD5 hash. Although it is by definition not possible to decode a hash, it is relatively easy to find a string that creates the same hash. And what burglar cares about the original key if his own key works just as well? So answer A is incorrect and answer B is almost correct.

PHP's crypt() used to be system dependent, but since version 5.3 this is no longer the case. So answer C is false too.

When you want to create safe password hashes, another algorithm such as Blowfish is advised. Both crypt() and hash() give you many hashing algorithms to choose from, so answer D is correct.
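The following is an added example, not code from the original post: it stores and verifies a password with crypt() using the Blowfish-based `$2y$` scheme, then measures the cost of one guess against md5(). The helper names, the sample password and the cost factor of 12 are assumptions made for illustration.

```php
<?php
// Added example: helper names, sample password and cost factor are assumptions.

const BCRYPT_COST = 12; // assumed work factor; tune to your hardware

// Build a bcrypt setting string "$2y$<cost>$<22-char salt>" for crypt().
function make_bcrypt_setting(int $cost = BCRYPT_COST): string
{
    // 16 random bytes -> 22 significant base64 chars; bcrypt uses '.' instead of '+'.
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    return sprintf('$2y$%02d$%s', $cost, $salt);
}

function hash_password(string $password): string
{
    $hash = crypt($password, make_bcrypt_setting());
    // crypt() signals failure with a short string such as "*0".
    if (strlen($hash) !== 60) {
        throw new RuntimeException('bcrypt hashing failed');
    }
    return $hash;
}

function verify_password(string $password, string $stored): bool
{
    // The stored hash carries algorithm, cost and salt, so it doubles as the setting.
    return hash_equals($stored, crypt($password, $stored));
}

$password = 'correct horse battery staple'; // constructed sample input

$first  = hash_password($password);
$second = hash_password($password);
var_dump($first === $second);                     // compares two hashes of the same password
var_dump(verify_password($password, $first));     // correct password against stored hash
var_dump(verify_password('wrong guess', $first)); // wrong password against stored hash

// Cost per guess: what an attacker pays for each candidate password.
$t = microtime(true);
for ($i = 0; $i < 100000; $i++) { md5($password . $i); }
$md5PerGuess = (microtime(true) - $t) / 100000;

$t = microtime(true);
crypt($password, $first);
$bcryptPerGuess = microtime(true) - $t;

printf("md5: %.2e s/guess, bcrypt cost %d: %.2e s/guess\n", $md5PerGuess, BCRYPT_COST, $bcryptPerGuess);
```

It requires PHP 7 or later for random_bytes(). Note that bcrypt only considers the first 72 bytes of the password.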