
MD5 security is fine? [closed]

I'm new at coding, so maybe I've missed the point of what md5 is about. But from what I've experienced, MD5 encryption is "static" for each word. By static I mean you will always find the same result, for example md5("hello"). And this makes me think that it is highly reversible using a library.

What if md5("hello") was assigned a number (for example 5), and the string, for example, xbuIdSjsdsjsd44s64sd was its encryption and was equal to 5, but what if sfoiefef465f4ze4f6fe was also its encryption and was also equal to 5?

Because both, through a mathematical calculation, end in the same result. That would be dynamic encryption?

I think, but I tell you I'm a newb at all this, so those are just questions that bother me, I think that people who have access to the database md5's password, can reverse them easily by testing words and stocking them as a library.

What do you think, guys? And is there an alternative to md5?

Thanks for any help or enlightenment.

james asked Dec 07 '22 20:12


1 Answer

For storing passwords, no fast hash function, which includes md5 and SHA1/2 (even when salted), is acceptable. You need to use a slow hash, typically in the form of a key-derivation function, to slow down brute force. PBKDF2 and bcrypt are popular choices. You should also use a random per-user salt.

CodesInChaos answered Jan 10 '23 23:01
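The contrast between the question's "library" and the answer's recommendation, as an added example that is not part of the original question or answer: unsalted md5 gives every user with the same password the same digest, so one precomputed table covers them all, while PBKDF2 with a random per-user salt gives a different record each time and still verifies. The wordlist, the `$`-separated storage format and the iteration count are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune it to your own hardware
WORDLIST = ["password", "hello", "letmein", "qwerty"]  # constructed sample


def md5_hex(password: str) -> str:
    return hashlib.md5(password.encode()).hexdigest()


def build_md5_library(words):
    """The 'library' from the question: digest -> word, computed once."""
    return {md5_hex(w): w for w in words}


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Slow, salted hash; salt and cost are stored beside the digest."""
    salt = os.urandom(16)  # random per-user salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and cost, then compare."""
    _, iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)  # constant-time compare


if __name__ == "__main__":
    library = build_md5_library(WORDLIST)
    # Unsalted md5: the stored digest is a direct key into the table.
    print("md5 lookup:", library.get(md5_hex("hello")))
    # Salted PBKDF2: two users with the same password get different records.
    a, b = hash_password("hello"), hash_password("hello")
    print("records differ:", a != b)
    print("verify:", verify_password("hello", a), verify_password("hullo", a))
```

Raising `ITERATIONS` increases the cost of every guess for someone holding the database, at the price of slower logins.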