Reputation: 23
I understand that passwords should be encrypted in databases to protect them from hackers and people with bad intentions. But MD5 was renewed in 2005. Since then, hackers found the inverse hash function and a lot of websites can easily crack the MD5 hashed key, for example md5this.com, which was one of the first suggested on Google.
Shouldn't each web developer create their own hash functions so that the hackers can't retrieve the password if they get access to the database?
Upvotes: 1
Views: 3035
Reputation: 2471
If you feel like you have the algorithmic chops to create a workable hash function, please do so. The best advice I've seen is to switch from MD5 to the latest SHA implementation, use a salt, and think about running several loops of encryption to force extra work on any crackers.
Upvotes: 0
Reputation: 10226
You shouldn't use the MD5 hash for that reason anymore.
It provides some security, just not enough to matter.
Each web developer should, but they don't have the time usually, so SHA-1 usually does the trick...
SHA-1 is susceptible to a brute force attack, but it would be very time consuming for most developers to come up with their own encryption pattern that isn't susceptible to brute force attacks.
Is SHA-1 secure for password storage?
Upvotes: 2