There are LOTS of security guideline on the web to help you out.
#MD5 CHECKSUM HASHTAB PASSWORD#
Just avoid using MD5 for password digests or other HIGHLY critical security systems. MD5 is compact (only 32 digits!), therefore inexpensive on storage, and is also crazy fast to compute. If you intend to use MD5 as a simple checksum algorithm or for a unique constraint on a database table, it'll work perfectly. BUT it really depends on where and how you use it. MD5 was proven to be non-collision resistant. People say MD5 is not secure, is that true? This is one of the reason why you should use a salt to compute your password digest. For example, one could precompute the digest of all 8 characters alpha-numeric combinations and they could then scan a password table to see which password corresponds to which digest. Because MD5 computes the same hash value for a given message, it's fairly easy to use brute force to lookup a value. Rainbow tables are reverse-hash lookup tables. What are rainbow tables and why should I care? Read about the Birthday Paradox to know more. To get a collision, on average, you'll need to hash about 6 billion files per second for 100 years. Now if I wanted to revert this, how could I possibly determine with exactitude which 750,000 characters were used from just 32 digits?!? This would be the BEST compression algorithm in the world :P Using MD5 on text data of 750,000 characters, we obtain a mere 32 digits digest. To better explain why a MD5 is NOT reversible, here's very simple example: They take the data (messages) and compute hash values (digests). Hash functions are used as one-way methods. All it does is compute a hash value for a given set of data. MD5 is a one-way hash algorithm that addresses two main concerns that. You can't! MD5 is NOT an encryption algorithm! A lot of people are under the impression that MD5 encrypts data. This technical note describes the Message Digest version 5 (MD5) hashing algorithm. It's usually represented as a hexadecimal number of 32 digits. MD5 produces a 128-bit (16 bytes) hash value. MD5, like other hash functions, is used in digital signatures, message authentication codes, to index data in hash tables, for finger-printing, to detect duplicate data, uniquely identify files, and as checksums to detect accidental data corruption. The data used by hash functions is referred to as a "message", while the computed hash value is referred to as the "message digest". So what's an hash function then? Simply put, a hash function takes a block of data and returns a fixed-size bit string (hash value). It's used to compute a hash value in cryptography.
0 kommentar(er)
