Quote, originally posted by lilygrace:
Kudos to this tutorial... it works for my project. Thanks for this tutorial.
MD5 is a hashing algorithm, not an encryption method; this tutorial is titled incorrectly ;P
There is no way to reverse the MD5 process in PHP, but your site may still not be as secure as you would think. Even though a cracker or someone trying to gain access to your site would not be able to read the passwords stored in your db in plain text, he/she could write a simple program to 'brute force' your MD5 hashed passwords.
Say the cracker had a word list of 70,000 words; he/she would be able to write a loop to go through each word/number combo and transfer them into MD5, and if one of the combos matched what was in your database he/she would be able to gain access.
To counter this you add 'salt' to your MD5 passwords before using the md5 function on them, the more random the better. I hit keys like... kjakas73672 would be my salt, then when they came to log in, I would md5 what they had typed in the password box with the salt and if it matched what was in the database... great! This makes brute forcing almost impossible & your passwords even more secure!
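An added example, not part of the original post or the tutorial: the salt-then-md5 login check described above, next to PHP's built-in password_hash()/password_verify(), which generate a fresh random salt for every password. The function names, the salt-before-password order and the sample password are assumptions made for illustration.

```php
<?php
// Scheme from the post: one fixed salt combined with the password, then md5().
// The salt value is the one quoted in the post; prepending it is an assumption.
const SITE_SALT = 'kjakas73672';

function md5_salted_hash(string $password): string
{
    return md5(SITE_SALT . $password);
}

function md5_salted_verify(string $typed, string $stored): bool
{
    // hash_equals() compares the two digests in constant time.
    return hash_equals($stored, md5_salted_hash($typed));
}

// Built-in alternative: password_hash() picks a random salt per call and
// stores it, with the algorithm and cost, inside the returned string.
function builtin_hash(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

function builtin_verify(string $typed, string $stored): bool
{
    return password_verify($typed, $stored);
}

// Constructed sample input: two users who picked the same password.
$password = 'correct horse';

$fixedA = md5_salted_hash($password);
$fixedB = md5_salted_hash($password);
echo "fixed salt, rows identical:   ", var_export($fixedA === $fixedB, true), "\n";
echo "fixed salt, right password:   ", var_export(md5_salted_verify($password, $fixedA), true), "\n";
echo "fixed salt, wrong password:   ", var_export(md5_salted_verify('wrong guess', $fixedA), true), "\n";

$randA = builtin_hash($password);
$randB = builtin_hash($password);
echo "per-user salt, rows identical: ", var_export($randA === $randB, true), "\n";
echo "per-user salt, right password: ", var_export(builtin_verify($password, $randB), true), "\n";
echo "per-user salt, wrong password: ", var_export(builtin_verify('wrong guess', $randA), true), "\n";
```

Comparing the two "rows identical" lines shows what a per-password salt changes in the database: with one fixed salt, equal passwords produce equal stored values.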