Password encryption on MD5?

0

What security does MD5 bring if the password is encrypted only in the password field of the database? If by chance the system is invaded through some other breach, would MD5 influence anything? What do you want to use this MD5 website? Why do you want to use it? What security does it bring me? Hugs.

  • 4

    I think these answer it: http://answall.com/q/41517/101 and http://answall.com/q/2402/101. In short, MD5 is not used for password encryption, although many people think it fits and then do not know why they have security problems on their site. Or worse, they don’t even know the site has security issues.

2 answers

8

MD5 is no longer reliable, it is a hash function that is already obsolete.

If by chance an attacker gains access to your DB and extracts the hashes, just use this, https://hashkiller.co.uk/md5-decrypter.aspx, like hundreds of other tools to tag hashes of this type, to get to know the actual passwords behind the hashes stored in the DB. I’m not saying you’ll decipher them all, but most of them.

I stress, this will only happen if you get the hashes, that is, penetrate and extract the information from the database... But you should always MAXIMIZE SECURITY and not use MD5 to store password hashes; use instead, for example, bcrypt, sha256, etc. There are good alternatives.

In case you are on PHP >= 5.5 you can use a native function, http://php.net/manual/en/function.password-hash.php, which, as of the date of this reply, uses bcrypt.

  • I will absorb this MASTER information. Thank you. I also agree. But tell me something: would creating your own encryption be a good option nowadays?

  • +1 If using PHP, use password_hash; it is simple and much better than any MD5.

  • 1

    @Amaral Nope, everything is already done; use the most recent ones, which are very good. It would be a waste of time.

  • @Inkeliz thank you, added that to the reply. Happy holidays

  • 3

    That is certainly the best answer, and it is a pity that the questioner has accepted another. I use MD5 only to create basic UIDs without great importance, but your answer is excellent.
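
As an added example (not part of the original answer or its comments), this sketch shows `password_hash` / `password_verify` in use and goes one step beyond the answer by upgrading rows that still hold a bare MD5 digest at the user's next successful login. The function names and the idea of one stored string per user are assumptions; the syntax needs PHP 7.1 or later.

```php
<?php
// Added example: function names and the storage layout are hypothetical.

function hashPassword(string $password): string
{
    // PASSWORD_DEFAULT selects PHP's current default algorithm and
    // generates a fresh random salt for every hash.
    return password_hash($password, PASSWORD_DEFAULT);
}

function isLegacyMd5(string $stored): bool
{
    // A legacy row is a bare 32-character hex MD5 digest.
    return preg_match('/^[a-f0-9]{32}$/i', $stored) === 1;
}

// Returns [bool $ok, ?string $newHash]. A non-null $newHash must be
// written back to the user's row by the caller.
function verifyLogin(string $password, string $stored): array
{
    if (isLegacyMd5($stored)) {
        // Constant-time comparison against the old unsalted digest.
        $ok = hash_equals(strtolower($stored), md5($password));
        return [$ok, $ok ? hashPassword($password) : null];
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Re-hash when the algorithm or cost behind PASSWORD_DEFAULT has changed.
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? hashPassword($password)
        : null;
    return [true, $new];
}

// Constructed sample data: a legacy row and the same password at login.
$legacyRow = md5('correct horse battery staple');
[$ok, $upgraded] = verifyLogin('correct horse battery staple', $legacyRow);
echo 'legacy login accepted: ', var_export($ok, true), PHP_EOL;
echo 'row still MD5 after upgrade: ', var_export(isLegacyMd5($upgraded), true), PHP_EOL;

[$okAgain] = verifyLogin('correct horse battery staple', $upgraded);
[$okWrong] = verifyLogin('wrong password', $upgraded);
echo 'upgraded row, right password: ', var_export($okAgain, true), PHP_EOL;
echo 'upgraded row, wrong password: ', var_export($okWrong, true), PHP_EOL;

// Unsalted MD5 maps equal passwords to equal digests; password_hash does not.
echo 'md5 digests equal: ', var_export(md5('123') === md5('123'), true), PHP_EOL;
echo 'password_hash outputs equal: ',
    var_export(hashPassword('123') === hashPassword('123'), true), PHP_EOL;
```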

1

MD5 is a loop encoding encryption. Once encoded, it cannot be reversed. I saw somewhere that this algorithm has a certain vulnerability because it is possible to do calculations that can hit the generated hash without having the value that was encoded at the beginning.

Security: Hash encryption is used ONLY for comparison. An example of its use: a login system. When the user enters their password, the hash is generated from this password on the front-end side itself and sent to the back-end side, where the server picks up the hash that is already in the database and compares it to the one received: if the hashes are equal, permission is granted; if not, permission is denied. In a situation where this hash leaks from the DB and is inserted again in the login field, a new hash will be generated, only this one will be different from the one in the DB, preventing a valid login.

Some dedicated people, knowing that it is not possible to decrypt the hash, create tables with the initial passwords and the hashes side by side, so that in a possible query the proposed hash will be compared with all that are there in the database.

A brute force attack can break the security of the hash if the proposed password is weak, e.g. 123: an algorithm can generate several random passwords until it falls on 123, so the hash will be found.

Summarizing, hash encryption is used to authenticate information without exposing it directly. I hope I’ve helped.

  • Thanks for the explanation, it wasn’t exactly my question but it helped A LOT!
