[BristolBathPM] To MD5 or not to MD5??
Andy Gale
andy at mentalist.co.uk
Fri Nov 28 09:42:07 GMT 2008
On Fri, Nov 28, 2008 at 12:30 AM, Lyle <webmaster at cosmicperl.com> wrote:
> I'm wondering if MD5 is the best way to go? I know max was talking about
> encryption at the last meet...
Now that MD5 is considered partially insecure[1], I'd recommend using
SHA1. Also, I'd suggest you use a salt [2] in the key you are trying
to generate. The salt being basically a random string.
md5(id . password) is relatively easy to break with bruteforce (by
just trying all numbers and words, etc) while sha1(id . random_string
. password) is an order of magnitude more secure.
Cheers
--
Andy Gale
1. http://web.archive.org/web/20070604205756/http://www.infosec.sdu.edu.cn/paper/md5-attack.pdf
2. http://en.wikipedia.org/wiki/Salt_(cryptography)
More information about the BristolBathPM
mailing list