Quote:
|
Originally Posted by Noah
To secure that password, php has the wonderful
string md5 ( string str [, bool raw_output]) (<--Look, a syntax guide!<--)
function. It uses the md5 encryption technique to convert a text string into 32 char long alphanumeric string. Just store the password md5 encrypted. Whenver they log in, run md5 on thier password and then compare it to the database stored string.
|
md5 is
not an encryption technique - it is a hashing technique. So, if you use md5 to
hash a password, you cannot uniquely un-md5 or "decrypt" it. It is like the php function crypt(), neither crypt() nor md5() are decryptable. That's because md5 can have "collisions" as in:
PHP Code:
<?
if ((md5($var1)==md5($var2)) && ($var1!=$var2)){
print "A hashing collision\n";
}
?>
There is a one in 3.4028236692093846346337460743177e+38 probability that two different strings will have the same md5 (got probability stats from
http://www.php.net/md5). Because a hashing (by definition) is a many-to-one mapping of values, the same hashed md5 can be reverse engineered to an infinite possible strings.
"Defense wins qualifying rounds, offense wins championships."
- Paul Copioli [more] 
21-01-2004, 18:37
Similar Threads
Threaded Mode