Geek Answers Handbook

Is MD5 Security OK?

I am new to coding. Maybe I missed what md5 is talking about. But from the fact that β€œI tested MD5 encryption isβ€œ static ”for every word. By statics, I mean that you will always find the same result, for example md5 (β€œ hello ”). And that makes me think that it is very reversible using the library.

What if md5 ("hello") was assigned a number (example 5), and a string, for example

xbuIdSjsdsjsd44s64sd is its encryption. and was equal to 5 and suddenly sfoiefef465f4ze4f6fe was also its encryption. and also was equal to 5

Because for mathematical calculation ends with the same result. Will it be dynamic encryption?

I think, but I'm telling you that I'm new to this, so these are just questions that bother me, I think that people who have access to the md5 database password can easily change them by checking the words and storing them in kind of library.

What do you guys think? and is there an alternative to md5?

thank for any help or enlightenment

+4
source share
3 answers

These are truly legal issues. You can find the following interesting articles:

But MD5 is considered "broken" by security experts. It depends on your requirements: MD5 may be appropriate, but more secure hashes, such as the SHA-2 family , are likely to be a smarter choice, or even key hardening methods, such as PBKDF2 (as CodeInChaos suggests ).

Please note that your choice of a hash algorithm cannot be considered safe or unsafe individually. It is important to use the hash algorithm in a proven, verified, and verified manner.

+5
source

For storing passwords, a valid fast hash function, including md5 and SHA1 / 2 (even with salt), is acceptable. You need to use a slow hash, usually as a Key-Derivation-Function, to slow down brute force. PBKDF2 and bcrypt are a popular choice. You must also use an arbitrary user salt.

+8
source

Is MD5 safe, depending on what you use it for and how.

For message integrity, MD5 is no longer suitable because there is an attack to search for an alternative message with the same hash.

To store passwords in an MD5 database is acceptable , suppose you salt correctly. For this use, a known attack is completely unimportant.
If you are in paranoia mode, you can use a more complex scheme, for example, bcrypt, but for most people, saving a salty password is good enough. This prevents the lightest, most obvious attack, is easy to implement, hard to make mistakes, and has little overhead.

Note that two different passwords having the same hash value are not really a problem under normal conditions. It happens so.

Having said that using SHA instead of MD5 is really worth nothing. It has more bits, no known attack, and is supported by every half of a decent library.

+2
source

More articles:


All Articles