Menu
Im new at coding so Maybe I've missed the point of what md5 is about. But from what' i've experienced MD5 encryption is "static" for each word. By static i mean you will always find the same result for example md5("hello"). And this makes me think that is is highly reversible using a library.
What if md5("hello") was assigned a number (example 5), and the string for example
xbuIdSjsdsjsd44s64sd was its encryption. and was equal to 5 but what if sfoiefef465f4ze4f6fe was also its encryption. and was also equal to 5
Because both for a mathematical calculation ends to the same result. That would be dynamic encryption?
I think, but I tell you I'm a newb at all this, so those are just questions that bother me, I think that people who have access to the database md5's password, can reverse them easily by testing words and stocking them as a library.
what do you think guys? and is there an alternative to md5?
thank for any help or enlightnment
232
For storing passwords no fast hash function which include md5 and SHA1/2 (even when salted) is acceptable. You need to use a slow hash, typically in the form of a Key-Derivation-Function to slow down brute-force. PBKDF2 and bcrypt are popular choices. You should also use a random per user salt.
81
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
