Reputation: 7819
is reversing an MD5 hash of password very effective?
basically,
$stored_hash = strrev(md5($plain_text));
Because, now rainbow tables and pre-computed attacks might get a hit on the hash, but when the attacker types in the calculated plain text, it will not authorize because the orginal hash is computed differently.
can i implement this on my app?
Upvotes: 0
Views: 109
Answers (1)
Reputation: 1525
You should not use MD5 for hashing passwords; even though certain "tricks" may make it harder to reverse engineer passwords, rainbow tables for reversed passwords may already exist, and if they don't they can be generated.
See this article from PHP on the issue. Essentially it boils down to that you should use password hashing functions that are provided by PHP. Using these has the additional advantage that, when you run your application on a future version of PHP, it may use a more secure hashing algorithm than it does now.
Upvotes: 1
Related Questions
- md5 hashing using password as salt?
- MD5 hash reversing
- Verifying MD5 passwords using password_verify()
- Converting md5 password hashes to PHP 5.5 password_hash()
- Switching from md5 to password_hash
- Securing Passwords with a Hash
- MD5, password hashing and salt position
- Switching from md5() to crypt()
- change password form using MD5?
- General Question about MD5