MD5 - Info Please

steveo · #1 (**permalink**) 11-01-04, 01:05 PM

Hey all,
I currently have a member section I created and just wondering what are the benefits to using MD5 Encryption to encrypt your passwords? - Obviously it's their so no one can get peoples passwords.

I just wanted to know why you would use it? - Just for security purposes?

CrAzY_CuStoMs · #2 (**permalink**) 11-01-04, 01:17 PM

mainly for security yes... its a one way hash of the password string. there is no way to decrypt it... well there is it will jsut take too long and far to much processing power.

FiRe · #3 (**permalink**) 11-01-04, 02:59 PM

yes its almost undecryptable which is why most people use it because if some unwanted intruder gets into your database then he cant get the password!

so when logging in, if the users pass is encrypted in the db then you encrypt into md5 the password they gave and then compare it!

if you have a lost password feature you should have a random password function to generate 1, then email it to them, encrypt it in md5 and overwrite the current pass!

Eclipse · #4 (**permalink**) 11-01-04, 08:38 PM

Hey,
While md5 is very hard to crack brute forcing it is always a risk. So make sure to use a password that most like wont be in a password list. For example something like: mypasswordpwns or something like that....

moronovich · #5 (**permalink**) 11-01-04, 10:44 PM

hello guys,
just an info for you. the first level in md5 encryption is now exposed. so there is still possibility that one will find its decryption. also eclipse has pointed out security issue in creating password, never use bad words that exists in dictionary or commonly used words.

4n7hr4x · #6 (**permalink**) 11-01-04, 11:54 PM

best form of password encryption requries a database, use md5, then use mySQL PASSWORD function and encrypt the already encrypted password,

moronovich · #7 (**permalink**) 11-02-04, 12:50 AM

Quote:

best form of password encryption requries a database, use md5, then use mySQL PASSWORD function and encrypt the already encrypted password,

but honestly, i can't find the purpose of doing this act.. this is like starting a game you'll never end.

steveo · #8 (**permalink**) 11-02-04, 04:01 AM

Well, my website is pretty worthless to a 'hacker' say, it's nothing special and none of the accounts hold personal information apart from emails.

Would it be worth MD5'ing all the passwords?