True, but I was reading on SitePoint that using more than just an identifying variable (such as a username or userid) would be a potential security risk, and that you should just use that one variable to pull the information out and check it.
Actually, doing that is more of a security risk. What if a hacker found a way to change that variable? He could theoretically log in as anyone he wanted. I would prefer to let the hacker have my hashed password as, assuming you are using salts, it's useless in its current form and nearly impossible to crack.
MD5 is quite easy to crack, I don't know about salts.
You cannot crack MD5..
You can use rainbow tables, but other than that you need a big list of encoded MD5s.
Example:
You type in the 'cracker': 5d41402abc4b2a76b9719d911017c592
Quote:
Normal Text: hello
Md5 Hash: 5d41402abc4b2a76b9719d911017c592
It searches through the database and finds:
It displays the Normal Text
Quote:
Normal Text: hello
Md5 Hash: 5d41402abc4b2a76b9719d911017c592
Just like Hitman's big rainbow table he uses ;p
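Added example, not part of any post in this thread: it shows why the lookup described above finds an unsalted MD5 of "hello" but misses the same password once a salt is mixed in, and how a stored password would be checked with a salted, slow KDF instead. The word list, the salt value, the salt-prepended layout and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample: a tiny precomputed table of unsalted MD5 hashes,
# standing in for the large lookup database described in the thread.
WORDLIST = ["hello", "password", "letmein"]
LOOKUP = {hashlib.md5(w.encode()).hexdigest(): w for w in WORDLIST}


def lookup_unsalted(digest):
    """Return the plaintext if the digest is in the precomputed table, else None."""
    return LOOKUP.get(digest)


def md5_salted(password, salt):
    """Salted MD5 (salt prepended; the layout is an assumption, the thread gives none)."""
    return hashlib.md5(salt + password.encode()).hexdigest()


def hash_password(password, salt=None, iterations=600_000):
    """Derive a storage hash with PBKDF2-HMAC-SHA256 and a random per-user salt."""
    salt = salt or os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, derived


def verify_password(password, salt, iterations, expected):
    """Recompute the hash for a login attempt and compare in constant time."""
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(derived, expected)


if __name__ == "__main__":
    unsalted = hashlib.md5(b"hello").hexdigest()
    print("unsalted:", unsalted, "->", lookup_unsalted(unsalted))

    salt = b"constructed-salt"  # constructed value; use os.urandom(16) per user
    salted = md5_salted("hello", salt)
    print("salted:  ", salted, "->", lookup_unsalted(salted))

    record = hash_password("hello")
    print("login ok:", verify_password("hello", *record))
    print("wrong pw:", verify_password("hullo", *record))
```

A salt only defeats precomputed tables; the iteration count is what slows down guessing against a single stolen hash, which a bare salted MD5 does not do.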