Md5

Cryptographic hash function with a 128-bit (16-byte) hash value

Salt

Cryptography function that takes random bits and a string (typically a password) and uses a one-way hash to provide a new string that can be used for authentication without providing access to the original string



Secure security secondly

Example

"Firstly hashing password without salt will defer the security;secondly md5 is not considered secure any more so usage in new application is not recommended"

from question  

How to encrypt password using spring hibernate in java

"An unsalted md5 hash is not much safer than storing"

from question  

Change password function

"Bcrypt is considered the most secure way to implement password hashing with salt because it is slow - much slower than an md5"

from question  

MD5 Salt Login System

"Use -c to create it tried the command with -c flag but still same error docker run --entrypoint htpasswd registry 2 -b test password auth htpasswd -c the sha algorithm does not use a salt and is less secure than the md5 algorithm"

from question  

Creating for a Docker Secure Registry

"Using sha256 with a salt will be much more secure than md5"

from question  

Fatfree user auth global variable

User string visitor-supplied

Example

"The time-based salt will not make md5 any easier to break;you re still relying on 1 the user having a good password to defeat brute force calculations and 2 md5 being a decent hash"

from question  

Client Side MD5 Hash with Time Salt

"By computing a hash from a visitor-supplied string plus some salt of course i can tell whether the user provided the same password twice without the security risk of allowing my application to be able to decrypt the provided password possibly maliciously;my sense is that encode and decode are probably good solutions when you want the data to be recoverable but that unrecoverable hash using crypt md5 is a better approach for stored passwords"

from question  

Is ENCODE() and DECODE() the "best" way to handle an application password field in MySQL?

"That is when the user creates a new account and enters a password you build a string from the password plus user name plus a salt which is just a small string that s the same for everyone on your site--this is to thwart rainbow table attacks;then you run that string through a good hash algorithm--something like sha1 is fine even md5 is more than adequate despite reports to the contrary"

from question  

Encryption -- how to do it

Random ways salt

Example

"Encrypt the passwords with one-way encryption algorithm with a random salt like the common opinion: sha-256 is stronger than md5"

from question  

A proposal for Data Transmission and Password Encryption

"Md5 is ways too fast and one should include a random salt;because of the salt you cannot just recalculate the hash and compare it with the stored hash"

from question  

How to add md5 hash of a password in phpmyadmin 4.1.6?

Others

Example

Regarding the question sha1 with salt works fine for most use-cases unless you write software for the cia or such;the point is that even salted md5 -hash isn t worth to get cracked on most sites

from question  

Dealing with lack of hashing methods (different php versions - same code)

Decode the passwords yourself and re-encode them with a salt i recommend something a little more fancy than md5

from question  

Going from unsalted to salted MD5 passwords

So i will write it partly as pseudo code note that i m merging the password bytes and the salt bytes not the password string and the salt string;then the md5 it taken only once from these merged bytes

from question  

How to properly hash a password

Usually a salt is randomly generated for each user and stored together with the password in the same object database row;furthermore md5 should not be used anymore

from question  

How does Hybris salt its MD5 password hashes?

Anyways i want to reiterate that plain md5 hash are easy to crack for most passwords since people like short and easy to remember passwords. use a salt and or a more complex algorithm;i d recommend both and use a salt that is longer than two characters and not limited to numbers

from question  

Importing MD5+Salt Passwords to MD5

Using the mailaddress as salt is a good idea;but using md5 is not

from question  

Md5 salt password php

Back to Home
Data comes from Stack Exchange with CC-BY-SA-4.0