Why md5 is still widely used

Firstly, I have to say that I am relatively new to programming, so please be careful with me if this is a naive or dumb question.

Ok, so I'm writing a small application, part of which will include hashing user passwords. Having studied the best way to do this, md5 appears as a sentence, almost as many times as it appears in articles criticizing its use.

Alternatives are similar to SHA-1, etc., which are stronger and less susceptible to cracking. It makes sense.

To get to the point:

  • Why is md5 still widely used for hashing?
  • Should I automatically drop md5 for password hashing or are there specific use cases when its use will be really better than other hashing mechanisms?
+5
5 answers

Do not use MD5 and SHA-1 for password hashing. They are designed to be calculated quickly, which is exactly what you don't want. If people use these hashing algorithms to hash passwords, this is probably because they are not aware of the alternatives.

- bcrypt, . , . , , , . , , .

+8

mysql_* , , - ( !).

, , . Google .

, , , .

+1

md5

, , , (md5 ISO). , , (), :)

, , ?

. , . , , @markbyers , , . Bcrypt

0

md5 ?

. Wordpress . Wordpress .

, , ?

, . , , .

0

MD5 - [*], "" .

, , " " MD5, , , .

"", , , " " " ".

Linked-In , . , , ( Google).

, , . , , , , , , . , .

The only true drawbacks discovered so far in MD5 are the ways to create a new file, which can lead to the same MD5 digest as another file, when you already know the contents of the original file. This is called a "second pre-image attack" and does not matter when considering the use of a hash algorithm to encrypt passwords.

All that said, if the best algorithm (SHA-2, bcrypt) is available, you can use it!

[*] I would not use MD5 for anything related to e-commerce, though!

0