Search the Community
Showing results for tags 'md5'.
-
Hi all I would like to know whether it is possible or not to build a secure inlog script. The script I have as example is mainly in php. I read a couple of tuts online and watched some youtube video's and discovered that both javascript and php are used. I dont know much about encryption but more and more questions are rising ..... Is it true that it is possible to add javascript encryption wen you want a user to login ? My own idea is that this looks quite insecure as anybody can see the encryption code. I have more questions but first i would like to know this if possible.
- 12 replies
-
- encryption
- md5
-
(and 5 more)
Tagged with:
-
I want to download the earlier version of WordPress.. Then, i see the word 'md5' there So, i click http://wordpress.org/wordpress-0.71-gold.zip.md5 , it gives me md5 codes.. What i don't understand is.. What's the use of MD5 for a file ? Can you tell me what's the advantage of using MD5 to calculate a file?
-
Before I begin, I tried to do some research about this subject (the Search field seems its broken and through google was a little bit painful) in the forum, so I'd like to apologise if I'm repeating it once again. I have read some articles about hashing passwords saying that md5 and sha1 are no longer safe and should use better hashing algorithms, how to hash passwords properly by avoiding double hashing, hashing with different algorithms etc etc, so I 've come up with some questions/spots that I haven't cleared them out completely. 1. Doing just this is consinder no safe, although md5 and sha1 cannot be reversed: $password=md5('my_sercretpassword123'); //for instance my password is my_sercretpassword123 although its a bad practice$password=sha1('my_sercretpassword123'); My first question is If I use one of these, using a salt isn't consider safe? eg: $password= 'my_sercretpassword123';$salt = 'lorem_ipsumd0l0rs1t@m3tc0ns3ct3tur@d1p1sc1ng3lit';$password = md5($password.$hash); //same with sha1 If anyone manages to crack this hash, will get the string 'my_sercretpassword123lorem_ipsumd0l0rs1t@m3tc0ns3ct3tur@d1p1sc1ng3lit', which isn't the actual password, right? 2. Supposing the 1st option note is not approved, then I guess I have use a better hashing algorithm like whirlpool or sha256, sha512 ect etc. So If I apply the same functionality like this: $password= 'my_sercretp@ssword123';$salt = 'lorem_ipsumd0l0rs1t@m3tc0ns3ct3tur@d1p1sc1ng3lit';$hashed_password = $password.$hash;$hashed_password = hash('whirlpool',$hashed_password); is it safe enough or I have better come with something more difficult?? I tried to google for some tutorials on this, just to get some ideas, but most of them, if not all, use plain md5 or sha1. Could you give me some examples or ideas on that?