About Login Register Groups People Trending Discover
🦿 Lucian Marin I open sourced the last two of my personal projects: notes.lucianmarin.com at github.com/lucianm... and photos.lucianmarin... at github.com/lucianm... -- enjoy! You can easily install them on any shared hosted service.
6y, 46w 12 replies ¬
Martijn Always good to see personal projects get open-sourced! I recently did the same for a small wiki thing I run on my server github.com/Zegnat/... The line "generated md5 of your password" gave me a small heart attack though
6y, 46w 9 replies
🦿 Lucian Marin That's just a typo, I fixed it.
6y, 46w 5 replies
Martijn My heart attack was related to md5, not any possible typos.
6y, 46w 4 replies
Login or register your account to reply
🦿 Lucian Marin Weak passwords might be the problem, not the hashing algorithm. There aren't that many hashing algorithms available in PHP 5.2.
6y, 46w 3 replies
Martijn Yes and no. MD5 is a hashing algorithm, not a key derivation function. Using it for passwords is (basically) wrong no matter what. MD5 is also no longer considered collision proof and people don't need to find your strong password, just something that results in the same hash. That combined wth a consumer graphics card doing 200 million hashes an hour... MD5 and SHA1 are both considered cryptographically broken. PBKDF2 is relatively easily to implement and I think is still acceptable even with MD5/SHA1 hashing algorithms (though don't quote me on it). Probably the best you can do on PHP 5.2 unless you include some bigger library.
6y, 46w 2 replies