Md5crypt Password scrambler is no longer considered safe by author

Posted: June 07, 2012 Comments

Md5crypt Password scrambler is no longer considered safe by author — PHKs Bikeshed.

MD5 hashes are still used prevalently today for password storage, even though we’ve been told time and time again that there are easily accessible alternatives we should be using. Sure, many times the implementations are salted but even so, the author himself requesting it not be used for passwords will hopefully nail that coffin shut.

That’s not to say MD5 is now useless, I use it all the time in fact for hashes that don’t represent passwords and don’t need to be completely secure. The faults that make it weak for password security (e.g. a defined length) make it nice for hashing various parameters for use within Web apps here and there.

Get my newsletter

Receive periodic updates right in the mail!
  • This field is for validation purposes and should be left unchanged.

Leave a Reply

Your email address will not be published.