Pete Winter asked:
MD5 Hash Generator - Why

I am planning to implement an MD5 encryption on passwords on my website, but it seems like it's not really that great as there are websites out there like http://md5cracker.org to reveal the password if data was stolen. Is there any better way to protect passwords?
ASKER CERTIFIED SOLUTION
Dan Craciun

ASKER

Many thanks
MD5 is a really old hash standard. Even SHA1 is now deprecated, and SHA2 is recommended. You should not be implementing anything in MD5 these days, even with salt.
@petewinter: Going forward, you might want to leave your questions open a little longer - 24 hours is probably a good minimum expectation.  Most E-E experts are not online at the same time and it sometimes takes a day for us to see the new questions.

In this area of inquiry, there is a lot of written science and depth of understanding, and the field is presently undergoing a revolution.  If you're still using passwords, no matter how you're hashing or storing them, your application is on life-support.  If you want to get into the issues a little more, please post a new question about client authentication and data security, and please don't assume that md5() is either bad or good - just listen to the expert voices and try to make wise choices after you understand the way attacks are being crafted today.  

You don't have to be technical to know it's a huge problem - just read the newspapers.  Target, Snapchat, Neiman Marcus, the US Government - all have suffered enormous multi-million dollar data losses because their data was exposed and the passwords (and other information) were deciphered.
Thanks for the advice.
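
The contrast the question asks about, as an added example that is not part of the original thread or any poster's code: an unsalted MD5 digest is the same for every user with that password, so a precomputed table reverses it, while a per-user salt plus a slow key-derivation function defeats the table and slows guessing. The choice of PBKDF2-HMAC-SHA256 from Python's `hashlib`, the iteration count, the storage format and the tiny lookup table are assumptions made for this illustration; the thread does not name an algorithm.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; raise it as hardware allows

# Constructed sample: a tiny stand-in for a lookup site's precomputed table.
COMMON = ["123456", "password", "letmein", "qwerty"]
MD5_LOOKUP = {hashlib.md5(p.encode()).hexdigest(): p for p in COMMON}

def md5_store(password):
    """Weak: unsalted and fast, so equal passwords give equal digests."""
    return hashlib.md5(password.encode()).hexdigest()

def reverse_md5(digest):
    """What a lookup site does: a dictionary hit, not a computation."""
    return MD5_LOOKUP.get(digest)

def hash_password(password):
    """Stronger: random per-user salt and a deliberately slow KDF."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_password(password, stored):
    """Recompute with the stored salt and count; compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iters))
    except ValueError:  # malformed record: wrong field count, bad hex, bad count
        return False
    return scheme == "pbkdf2_sha256" and hmac.compare_digest(dk, expected)

if __name__ == "__main__":
    leaked = md5_store("letmein")
    print("MD5 row:", leaked, "->", reverse_md5(leaked))
    a, b = hash_password("letmein"), hash_password("letmein")
    print("same password, different rows:", a != b)
    print("table lookup on salted row:", reverse_md5(a))
    print("correct password verifies:", verify_password("letmein", a))
    print("wrong password verifies:", verify_password("Letmein", a))
```

Storing the scheme name and iteration count in each row lets the work factor be raised later and old rows re-hashed at the user's next successful login.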