Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 7 of 7
  1. #1
    Regular Coder the-dream's Avatar
    Join Date
    Mar 2007
    Location
    Northamptonshire, UK
    Posts
    477
    Thanks
    8
    Thanked 4 Times in 4 Posts

    MD5 or SHA1 Encription

    Which is best? I know MD5 is 128-Bit and SHA1 160-Bit. But which one is better for a login system!

  • #2
    Senior Coder
    Join Date
    Jan 2007
    Posts
    1,648
    Thanks
    1
    Thanked 58 Times in 54 Posts

  • #3
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    3,044
    Thanks
    2
    Thanked 316 Times in 308 Posts
    Whichever hash method you use, always append/prepend a "salt" string to the value being hashed. This will make the brute-force/dictionary/database-lookup methods ineffective at finding the original value.
    If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.

  • #4
    Master Coder felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Posts
    6,640
    Thanks
    0
    Thanked 649 Times in 639 Posts
    MD5 already has a lookup table constructed for unsalted values that will provide an enterable value to match any hash and so must use a salt to have any security at all. SHA1 is way more secure and has yet to be broken that way. With a salt MD5 is secure enough for most purposes.
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.

  • #5
    New to the CF scene
    Join Date
    Aug 2007
    Posts
    8
    Thanks
    0
    Thanked 0 Times in 0 Posts
    sha indeed
    For web design in Doncaster visit www.electronic-monkeys.com

  • #6
    Regular Coder
    Join Date
    Jul 2007
    Posts
    108
    Thanks
    0
    Thanked 2 Times in 2 Posts
    sha1 all the way

  • #7
    Senior Coder rafiki's Avatar
    Join Date
    Aug 2006
    Location
    Floating around somewhere...
    Posts
    2,046
    Thanks
    19
    Thanked 42 Times in 42 Posts
    i use sha1()


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •