Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris

Re: Passwords, hashes, and salt

by dynamo (Chaplain)
on Jun 24, 2005 at 18:34 UTC ( #469788=note: print w/replies, xml ) Need Help??

in reply to Passwords, hashes, and salt

If you were suggesting writing your own hash function to use instead of MD5, don't even consider it if security matters to you. MD5 has been through years of testing and review, and although there have been chinks in the armor, it's still quite usable. SHA-1 is a good alternative though, if you can find mature code for it.

Replies are listed 'Best First'.
Re^2: Passwords, hashes, and salt
by waswas-fng (Curate) on Jun 24, 2005 at 19:08 UTC
    There is more than a few chinks -- MD5 is broke, its getting worse day by day.

    look here ( for an article that explains the current publicly announced state of things. I as this gets more eyes on it, it will get even worse. MD5 digests should be considered almost as insecure as mad XOR magic. =)

    Update: just wanted to add that SHA-1 has some of the same weaknesses as MD5, but as of yet they have not been able to break it like MD5. If you are really worried you can goto something like Digest::SHA256 for a digest, but it may not be worth it yet.

Re^2: Passwords, hashes, and salt
by Mr_Person (Hermit) on Jun 24, 2005 at 19:08 UTC
    No, not at all. I may not know too much about the math behind hashing functions, but I know enough to know that I shouldn't even try to make my own for real world use! :-)

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://469788]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others pondering the Monastery: (8)
As of 2019-06-24 18:17 GMT
Find Nodes?
    Voting Booth?
    Is there a future for codeless software?

    Results (99 votes). Check out past polls.