50

I was reading this tutorial for a simple PHP login system.

In the end it recommends that you should encrypt your password using md5().

Though I know this is a beginners' tutorial, and you shouldn't put bank statements behind this login system, this got me thinking about encryption.

So I went ahead and went to (one of the most useful questions this site has for newbies): What should a developer know before building a public web site?

There it says (under security) you should:

Encrypt Hash and salt passwords rather than storing them plain-text.

It doesn't say much more about it, no references.

So I went ahead and tried it myself:

$pass = "Trufa";
$enc = md5($pass);

echo $enc; #will echo 06cb51ce0a9893ec1d2dce07ba5ba710

And this is what got me thinking, that although I know md5() might not the strongest way to encrypt, anything that always produces the same result can be reverse engineered.

So what is the sense of encrypting something with md5() or any other method?

If a hacker gets to a password encrypted with md5(), he would just use this page!.

So now the actual questions:

  1. How does password encryption work?

I know I have not discovered a huge web vulnerability here! :) I just want to understand the logic behind password encryption.

I'm sure I'm understanding something wrong, and would appreciate if you could help me set my though and other's (I hope) straight.

How would you have to apply password encryption so that it is actually useful?

  1. What about this idea?

As I said, I may/am getting the whole idea wrong, but, would this method add any security in security to a real environment?

$reenc = array(
 "h38an",
 "n28nu",
 "fw08d"
 );

$pass = "Trufa";

$enc = chunk_split(md5($pass),5,$reenc[mt_rand(0,count($reenc)-1)]);

echo $enc;

As you see, I randomly added arbitrary strings ($reenc = array()) to my md5() password "making it unique". This of course is just a silly example.

I may be wrong but unless you "seed the encryption yourself" it will always be easily reversible.

The above would be my idea of "password protecting" and encrypted password, If a hacker gets to it he wont be able to decrypt it unless he gets access to the raw .php

I know this might not even make sense, but I can't figure out why this is a bad idea!

I hope I've made myself clear enough, but this is a very long question so, please ask for any clarification needed!

Thanks in advance!!

Community
  • 1
  • 1
Trufa
  • 39,971
  • 43
  • 126
  • 190
  • 6
    what you "invented" already exists. it's called SALT. "salting" a hash results in higher security, yes. but md5() is kinda deprecated. it has too many collisions and is outdated. use sha1() instead – mark Dec 08 '10 at 15:03
  • 3
    @Gumbo I've been amazed with the good will and effort that people put to answer when you put a little effort in your questions! – Trufa Dec 08 '10 at 15:04
  • 1
    *(suggested alternative)* [`hash_hmac` — Generate a keyed hash value using the HMAC method](http://de2.php.net/manual/en/function.hash-hmac.php) – Gordon Dec 08 '10 at 15:10
  • @Gordon I'll take a look thank you, it seems good! – Trufa Dec 08 '10 at 15:26
  • 2
    I removed the encryption tag because md5 is a message digest function not an encryption function. – rook Dec 08 '10 at 17:31
  • @Rook Agreed, That was seems ages ago now ;) Thanks http://stackoverflow.com/questions/4388908/what-is-md5-for/4389047#4389047 – Trufa Dec 08 '10 at 17:42
  • 1
    FYI, MD5 is not secure. It should only be used to maybe ensure data integrity, not passwords! It's been broken for years. With the right tools you can easily create a collision that will give you access as long as you know what to compute. MD5 doesn't give you the benefit of securely storing passwords. Please be adviced and use SHA-1 or preferably SHA2/256 which are (S)ecure (H)ash (A)lgorithms. http://en.wikipedia.org/wiki/MD5#Security – John Leidegren Dec 08 '10 at 17:44
  • @John thanks for the advice, related question to that subject: http://stackoverflow.com/questions/2768248/is-md5-really-that-bad – Trufa Dec 08 '10 at 17:48
  • @John The relevant section is "Preimage vulnerability" which is currently only theoretical, with a prohibitive computational complexity. Looks like MD5 is good for password protection for the time being. – Axn Dec 08 '10 at 19:37
  • 1
    @Akinator - use `SHA512`, if you're truly L33T. You don't even need salt then. – orokusaki Dec 08 '10 at 21:20
  • @Axn - I don't know what rock you live under but you clearily haven't been paying attention these past years. MD5 is in fact broken, I also happen to have been using tools that create collisions in time which is computationally feasible (1-2 hours). – John Leidegren Dec 14 '10 at 10:23
  • @orokusaki a stronger hash function is not a reason to not use a salt. A salt makes it impossible to use large dictionaries of precomputed hashes, prevents a lot of the guess work that goes into password breaking. This has nothing to do with the algorithm in question. – John Leidegren Dec 14 '10 at 10:24
  • 2
    @John - Interesting. When you say "creating collisions", are you able to generate a collision for a pre-specified hash? – Axn Dec 14 '10 at 17:31
  • @Axn - Yes? http://www.mscs.dal.ca/~selinger/md5collision/ I not sure what your trying to get at, MD5 is in now way secure. – John Leidegren Dec 16 '10 at 23:00
  • @John - That page shows that MD5 is broken for digital signature purpose -- where you are free to generate both the messages that produces a collision. But, in password protection, one message (the password) is already specified, and unknown. The task is to generate another message that yields the same hash as the (unknown) password. That is the "preimage vulnerability" -- and currently that is _not_ broken. For instance, if I give you the hash of a secret password , would you be able to generate the password or another text with the same hash using your collision tools? – Axn Dec 17 '10 at 15:37
  • Gawker Media was compromised. They weren't salting, they only md5ed the passwords. See it here: http://thepiratebay.org/torrent/6036819/Gawker_Sites_Hacked_Databases__amp__More – ilhan Dec 19 '10 at 04:18
  • @ilhan I've heard of course :) but the most worrying thing IMO is the amount passwords: "password", "123456" etc etc! you might like this: http://www.codinghorror.com/blog/2010/12/the-dirty-truth-about-web-passwords.html – Trufa Dec 19 '10 at 07:15
  • @Axn - You might be limited to alpha numerics but these characters are still enough to generate a collision. A collision is all it takes to gain access. I don't need to know what the password was, I just need to find a collision. This question makes it sort of obvious why MD5 really is that bad. Which by the way references the same source http://stackoverflow.com/questions/2768248/is-md5-really-that-bad – John Leidegren Dec 19 '10 at 09:19

13 Answers13

20

You should have an encryption like md5 or sha512. You should also have two different salts, a static salt (written by you) and then also a unique salt for that specific password.

Some sample code (e.g. registration.php):

$unique_salt = hash('md5', microtime()); 
$password = hash('md5', $_POST['password'].'raNdoMStAticSaltHere'.$unique_salt);

Now you have a static salt, which is valid for all your passwords, that is stored in the .php file. Then, at registration execution, you generate a unique hash for that specific password.

This all ends up with: two passwords that are spelled exactly the same, will have two different hashes. The unique hash is stored in the database along with the current id. If someone grab the database, they will have every single unique salt for every specific password. But what they don't have is your static salt, which make things a lot harder for every "hacker" out there.

This is how you check the validity of your password on login.php for example:

$user = //random username;
$querysalt = mysql_query("SELECT salt FROM password WHERE username='$user'");
while($salt = mysql_fetch_array($querysalt)) {
    $password = hash('md5',
          $_POST['userpassword'].'raNdoMStAticSaltHere'.$salt[salt]);
}

This is what I've used in the past. It's very powerful and secure. Myself prefer the sha512 encryption. It's actually just to put that inside the hash function instead of md5 in my example.

If you wanna be even more secure, you can store the unique salt in a completely different database.

Wroclai
  • 26,835
  • 7
  • 76
  • 67
  • One important point about this is that if the attacker learns the static-salt it's still at least as secure as if you hadn't used a static salt at all. – CodesInChaos Dec 08 '10 at 15:36
  • @CodelnChaos: Yes. Stick with this solution I've made have helped me; since hackers don't wanna use decryptors to find out just one unique salt (it will take weeks). Imagine that you have a big database with a lot of users. – Wroclai Dec 08 '10 at 15:38
  • @Charlie Ok as soon as I will give it a try, this is making much more sense now! Thank you! – Trufa Dec 08 '10 at 15:44
  • 3
    You might also want to add something about how md5 is not secure because it's too fast, I would recommend using b_crypt, or if that's not available, looping the md5 hashing thousands of times. Remember, users won't care if it takes 2 seconds to login instead of 1, but people trying to guess the password will. You've doubled the time it takes to check a password, and lengthened the cracking time considerably. – Malfist Dec 08 '10 at 15:56
  • @Malfist: That's just what my solution pointing out. Even if the database gets in wrong hands, they gonna spend a LOT of more time to decrypt the password (and they will never succeed without the static salt). I've also added that I recommendsíng `sha512`. – Wroclai Dec 08 '10 at 15:58
  • 2
    sha and md5 are both designed to be _fast_, not secure. If someone is able to get access to your database, they probably have more than enough access to also dump your files, i.e. securing the static salt and any other method of security by obscurity. Hashing thousands of times, or using a more time intensive hash will significantly increase time to crack. – Malfist Dec 08 '10 at 16:16
  • @Malfist: Even then it's very hard. The hacker would be spending months on just about ten people's password because every single user have an unique salt. However, we can still looping through `sha512` thousands of times (like your mentioned) but there's up to yourself to choose which type of flexibility/speed you want. – Wroclai Dec 08 '10 at 16:22
  • Yes, that is the purpose of a unique salt. But the hacker could be after only one person's password (such as the admin's). If you hash the password 1000 times with md5, the hacker has to also. This increases the time to crack that one user's password 1000 times also (or nearly), which may push the time to crack one user's password into the years category. – Malfist Dec 08 '10 at 16:26
  • @Malfist: Of course. This was an example of my sort (since my websites are not the most popular ;)), where I simplified it. There isn't much to do to add your part into my example. – Wroclai Dec 08 '10 at 16:29
  • **gah!** You're not understanding. There is a significant difference between just hashing it once with md5 or sha512 or any other hash algorithm designed to be **fast.** Because they're fast they are **not strong enough** to be used in the real world. b_crypt or m_crypt is designed to **be slow** and because it's slow it is hard for to bruteforce and therefor **more secure**. Hashing the same password 1000's of times is a compromise in order to make it take longer. To crack a common password secured with single pass md5 would only take **a few weeks**, with b_crypt, **years**. – Malfist Dec 08 '10 at 16:40
  • And no, storing the salt in another database isn't any more secure. That's just another example of security by obscurity. **It does not work!** If the have enough access to dump one database they probably have enough to dump both. – Malfist Dec 08 '10 at 16:41
  • @Malfist: I'm understanding what your wanted to say since your first comment. That said; storing in another database is more secure than have it in a table along with your user information. The hacker MAY not have access to the whole system (like you wrote), he could just drop the database via SQL injection, and THAT makes sense - if we have stored our unique salt in another database. – Wroclai Dec 08 '10 at 16:47
  • There is a significant difference between what I'm suggesting and what you have written. As to the point you just made, if your site if vulnerable to sql injection you have more problems. The vast majority of information leaks is from the inside. I.E. a new admin grabs the entire database, or a worker who just got fired steals it, or someone puts it on a CD and loses it (happened with the IRS a few years ago). Just look at wikileaks, they didn't hack the us government, the was given or bought that information from the inside. – Malfist Dec 08 '10 at 16:51
  • 2
    @Malfist: If there is a significant difference between my answer from what you're suggesting, make another answer. Should we as programmers really care about if there's any leaks inside? That's a problem of its own. – Wroclai Dec 08 '10 at 16:54
  • @Charlie Sheen sorry for the delay but I cant get you recommendations to work (because I cannot understand the code). So yo do to hashes (one is unique to as the user becuase you multiply by microtime I guess) but i cannot understand how is your second piece of code checking the validity of the password, are you cheking one hash against another? Shouldn't they be different? I am quite confused, if by any chance you would happen to know a link to point me to a "working example" I would appreciate it, if not, whenever you can I would thank you if you could help me out a little bit Thank you!!! – Trufa Dec 09 '10 at 00:04
  • @Akinator: You compare the hash that was generated in registration exactly the same in login page, therefore the login should match. – Wroclai Dec 09 '10 at 07:08
18

Firstly, "hashing" (using a cryptographic one way function) is not "encrypting". In encryption, you can reverse the process (decryption). In hashing, there is (theoretically) no feasible way of reversing the process.

A hash is some function f such that v cannot be determined from f(v) easily.

The point of using hashing for authentication is that you (or someone seeing the hash value) do not have any feasible way (again, theoretically) of knowing the password. However, you can still verify that the user knows his password. (Basically, the user proves that he knows v such that f(v) is the stored hash).

The weakness of simply hashing (aside from weak hash functions) is that people can compile tables of passwords and their corresponding hash and use them to (effectively) get the inverse of the hash function. Salting prevents this because then a part of the input value to the hash is controlled and so tables have to be compiled for that particular salt.

So practically, you store a salt and a hash value, and authenticate by hashing a combination of the salt and the password and comparing that with your hash value.

lijie
  • 4,811
  • 22
  • 26
  • 3
    +1 Thankful to find at least a couple of posters saying that hashes are not a form of encryption. – Orbling Dec 08 '10 at 19:23
6

MD5 is a one way hashing function which will guard your original password more or less safely.

So, let's say your password is "Trufa", and its hashed version is 06cb51ce0a9893ec1d2dce07ba5ba710.

For example, when you sign in to a new webpage, they ask you for your username and password. When you write "Trufa" as your password, the value 06cb51ce0a9893ec1d2dce07ba5ba710 is stored in the database because it is hashed.

The next time you log in, and you write "Trufa", the hashed value will be compared to the one in the database. If they are the same, you are authenticated! Providing you entered the right username, of course.

If your password wasn't stored in its hashed form in database, some malicious person might run a query somehow on that database and see all real passwords. And that would be compromising.

Also, since MD5 is a 128 bit cryptographic function, there are 2^128-1 = 340282366920938463463374607431768211455 possible combinations.

Since there are more possible strings than this, it is possible that 2 strings will generate the same hash value. This is called a collision. And it makes sure that a hashed password cannot be uniquely reverse engineered.

darioo
  • 46,442
  • 10
  • 75
  • 103
  • I get you point, now that I've read some good answers, this one gives me a good idea of what md5() is though it still puzzles me that (if you don't SALT you password) why would md5() be more secure than an unencrypted password. Lets say you want to protect against a dictionary attack, what good would it be, if the hacker, knows you passwords are hashed, he would just hash his dictionary and continue trying, the collisions would just slow him down a little bit. see my point? BTW do you happen to know how high this collision rate is? Thanks for your answer! – Trufa Dec 08 '10 at 15:35
  • @Akinator - this does not provide any protection against a dictionary style attack (the attacker does not need to hash his attempts, he just peppers your site with requests). This is where you combine this with a count of the number of tries to login someone gets (e.g. 5) before they are either locked out, or temporarily unable to login for a set period (say 30 mins). – Paddy Dec 08 '10 at 15:58
  • @Paddy ok got it, but probably explained myself wrong though. – Trufa Dec 08 '10 at 16:19
  • Salts are normally just a concatenation of a (random or not) string to the password. If someone gets access to the database the passwords are still visible by plain text, and it's possible to determine which part of the string is the salt and which part is the password. MD5-ing the result means that there is no way to figure the password out without attempting every string combination, and in the unlikely event they succeed they still will have a hard time determining which part is the salt based on one decoded password. – KallDrexx Dec 10 '10 at 19:32
5

The only vulnerability with salting is that you need to know what the salt is in order to reconstruct the hash for testing the password. This is gotten around by storing the entry in the authdb in the form <algorithm>$<salt>$<hash>. This way the authdb entry can be used by any code that has access to it.

Ignacio Vazquez-Abrams
  • 776,304
  • 153
  • 1,341
  • 1,358
  • I'm a little bit lost! I could follow your line of reasoning! Sorry! could could make it a little more newbie friendly? – Trufa Dec 08 '10 at 15:15
  • If you store a password of "hello" with a salt of "12345", your code (and all code that wants to use the authdb) needs to have the salt of "12345" hardcoded in order to verify the password, since you have to hash the password and compare it to the stored hash. If you store the salt along with the hash then you don't need to have it hardcoded, and you can in fact use random salts instead, from any code that uses it. `sha1$12345$bighashgoeshere` – Ignacio Vazquez-Abrams Dec 08 '10 at 15:19
4

You're missing the important step - the salt. This is a unique (per user, ideally) bit of extra data that you add to the password before hashing it.

http://en.wikipedia.org/wiki/Salt_%28cryptography%29

pauljwilliams
  • 19,079
  • 3
  • 51
  • 79
4

Your idea (salting) is well known and is actually well-implemented in the PHP language. If you use the crypt() function it allows you to specify a string to hash, a method to encrypt (in some cases), and a salt. For example, 

$x = crypt('insecure_password', $salt);

Returns a hashed and salted password ready for storage. Passwords get cracked the same way that we check if they're right: we check the hash of what the user inputs against the hash of their password in the database. If they match, they're authenticated (AFAIK this is the most common way to do this, if not the only). Insecure passwords (like password) that use dictionary words can be cracked by comparing their hash to hashes of common passwords. Secure passwords cannot be cracked this way, but can still be cracked. Adding a salt to the password makes it much more difficult to crack: since the hacker most likely doesn't know what the salt is, his dictionary attack won't work.

Rafe Kettler
  • 75,757
  • 21
  • 156
  • 151
2

For a decent hash the attacker won't be reversing the hash, they'll be using a rainbow table, which is essentially a brute-force method made useful if everyone uses the same hash function.

The idea of a rainbow table is that since hashing is fast I can hash every possible value you could use as a password, store the result, and have a map of which hash connects to which password. If everyone just takes their passwords and hashes them with MD5 then my hash table is good for any set of password hashes I can get my hands on!

This is where salting comes in. If I take the password the user enters and add some data which is different for every user, then that list of pre-determined hashes is useless since the hash is of both the password and some random data. The data for the salt could be stored right beside the password and even if I get both it doesn't help me get the password back since I still have to essentially brute force the hash separately for every single user - I can't form a single rainbow table to attack all the hashes at once.

Of course, ideally an attacker won't get the list of hashed passwords in the first place, but some employees will have access so it's not possible to secure the password database entirely.

tloach
  • 8,009
  • 1
  • 33
  • 44
  • if you use `password` + `salt` you get 'hash', if your rainbow table is big enough, it will have `passAsaltA` and maybe `passBsaltB` as matches for that `hash`, you now some idea's on what the password maybe. if the site uses the same has for all, you'll be able to see it present in all the match results. The real problem is is your rainbow table big enough. – Simeon Pilgrim Dec 08 '10 at 19:14
  • That's why I mentioned that the salt should be different for every user. In the case that you're salting the password directly then the salt should also have a length and complexity greater than the average password, to prevent pass+salt from being hit by a standard rainbow table. It's probably better to hash the password, add the salt to the hash, then rehash and store the result. – tloach Dec 08 '10 at 19:24
1

In addition to providing salt (or seed), the md5 is a complex hashing algorithm which uses mathematical rules to produce a result that is specifically not reversable because of the mathematical changes and dataloss in throughput.

http://en.wikipedia.org/wiki/Cryptographic_hash_function

Joel Etherton
  • 37,325
  • 10
  • 89
  • 104
  • @Akinator - Sorry, that link is blocked my company's firewall. – Joel Etherton Dec 08 '10 at 15:15
  • @Joel no problem, it just reverses md5 hashes instantly. – Trufa Dec 08 '10 at 15:17
  • @Akinator - that's just it, it doesn't. It makes a GUESS at what the original message is, but it won't always get it right. As someone else said, md5 is not strong because there are too many collisions (different messages with identical hashes). The inherent problem is that these collisions do create vulnerabilities because it becomes easier to find a match than it should be. – Joel Etherton Dec 08 '10 at 15:22
  • @Joel thanks for the clarification! it makes more sense now! thanks! – Trufa Dec 08 '10 at 16:22
  • MD5 isn't insecure because of the collisions, it's insecure because it was designed for speed. A fast hashing algorithm means it's easier to check for collisions, or for the original message. My computer can generate and check thousands of md5 passwords per second. That's the real problem. – Malfist Dec 08 '10 at 16:45
  • @Malfist - I didn't say that was the only problem, only one of the problems. You even mention that it's easier to check for collisions because of the nature of the algorithm. – Joel Etherton Dec 08 '10 at 17:04
  • Yes that's a problem, but not the primary problem. SHA doesn't have the same problems with collisions, but it's also considered insecure for the same reason md5 is, it's designed for speed. – Malfist Dec 08 '10 at 17:18
1

md5 (or better put: hash algorithms in general) are used to safely store passwords in database. The most important thing to know about hashes is: Hashes are not encryptions per se. (they are one-way-encryptions at most). If you encrypt something, you can get the data back with the key you used. A hash generates a fixed-length value from an arbitrary input (like a string), which can be used to see if the same input was used.

Hashes are used to store sensitive, repeatly entered data in a storage device. Doing this, nobody can recreate the original input from the hash data, but you can hash an incoming password and compare it to the value in the database, and see if both are the same, if so, the password was correct.

You already pointed out, that there possibilites to break the algorithm, either by using a database of value/hash pairs or producing collisions (different values resulting in the hash value). You can obscure this a bit by using a salt, thus modifying the algorithm. But if the salt is known, it can be used to break the algorithm again.

Femaref
  • 60,705
  • 7
  • 138
  • 176
  • Thanks I get your point regarding the SALT part, now what I dont get is why is exactly what you say about md5, this is exactly what triggered my question, why compare "jfnvsv123" (hashed password) against "jfnvsv123" when you could just compare "123" agaist "123" beacuse the hashed one is easily reversible. – Trufa Dec 08 '10 at 15:20
  • The point is - it is not. The reason why it is easily reversible lies in the fact of `md5` (and also recently, `sha1`) being quite old, and the only reason it wasn't cracked (as in: producing enough collisions) was that the computers weren't fast enough. The page you linked doesn't "crack" the password, it uses a simple database to look it up. If no one else supplied the original input before, you won't get something back. – Femaref Dec 08 '10 at 15:23
  • @Ok that makes sense that it doesn't "crack" the hash. It actually doesn't work por loger "passwords" – Trufa Dec 08 '10 at 16:25
1

I like this question. But I think you've really answered yourself.

The site you referenced uses dictionary lookups of known, unsalted, md5's - it doesn't "crack" anything.

Your example is almost good, except your application needs to be able to regenerate the md5 using the same salt every time.

Your example appears to use one of the random salts, which will fail 2 of 3 times if you try to compare a users password hash to something input.

People will tell you to also use SHA1 or SHA256 to be have a 'stronger' hash - but people will also argue that they're all 'broken.'

Darryl E. Clarke
  • 7,537
  • 3
  • 26
  • 34
  • I see that now, you explained it very clearly thank you, but I can't see why NOT using random salts will help, lets say I get the whole array out of the hash, wouldn't that be enough? – Trufa Dec 08 '10 at 16:00
1

That documentation is misleading -- it teaches a "vulnerable" concept and presents it as somehow being "secure" because it (the saved password) looks like gibberish. Just internet junk that won't die. The following link should clear things up (you have already found a good bit of it though, it seems. Good work.)

Enough With The Rainbow Tables: What You Need To Know About Secure Password Schemes talks about MD5 (and why it should not be used) along with salt (e.g. how to thwart rainbow attacks) as well as provides useful insights (such as "Use someone else’s password system. Don’t build your own"). It is a fairly good overview.

  • +1 for sharing an example, thank you! I will give it a look! I found this one http://tinsology.net/2009/06/creating-a-secure-login-system-the-right-way/ which seems promising too I guess, still haven't found time. Thanks again!! – Trufa Dec 09 '10 at 10:26
0

To simply answer the title of your question, md5's only real use nowadays is for hashing large strings (such as files) to produce checksums. These are typically used to see if both strings are identical (in terms of files, checksums are frequently used for security purposes to ensure a file being distributed hasn't been tampered with, for example).

To address each of your inline questions:

How does password encryption work? How would you have to apply password encryption so that it is actually useful?

Secure password hashing works by taking the password in plain text form, and then applying a costly hashing function to it, salted with a cryptographically secure random salt to it. See the Secure hash and salt for PHP passwords question for more detail on this.

What about this idea?

Password hashing does not need to be complicated like that, and nor should it be. Avoid thinking up your own algorithms and stick with the tried and tested hashing algorithms already out there. As the question linked above mentions, md5() for password hashing has been obsolete for many years now, and so it should be avoided.

Your method of generating a "random" salt from an array of three different salts is not the randomness you're looking for. You need unique randomness that is suitable for cryptographically secure (i.e. using a cryptically secure pseudo-random number generator (CSPRNG)). If you're using PHP 7 and above, then the random_bytes function can be used to generate a cryptographically secure salt (for PHP 5 users, the random_compat library can be used).

Community
  • 1
  • 1
tpunt
  • 2,552
  • 1
  • 12
  • 18
0

This is my question about the aspects of md5 collision, slightly related to your question:

Is there any difference between md5 and sha1 in this situation?

The important part is in the first 3 rows, that is: you must put your salt before the password, if you want to achieve stronger protection, not after.

Community
  • 1
  • 1
Vili
  • 1,599
  • 15
  • 40
  • to be honest, I couldn't fully understand whats going on there :) but i'll take your advice! – Trufa Dec 09 '10 at 12:23