🦿 Lucian Marin I open sourced the last two of my personal projects: notes.lucianmarin.com at github.com/lucianm... and photos.lucianmarin... at github.com/lucianm... -- enjoy! You can easily install them on any shared hosted service.

Martijn Always good to see personal projects get open-sourced! I recently did the same for a small wiki thing I run on my server github.com/Zegnat/... The line "generated md5 of your password" gave me a small heart attack though

🦿 Lucian Marin That's just a typo, I fixed it.

Martijn My heart attack was related to md5, not any possible typos.

🦿 Lucian Marin Weak passwords might be the problem, not the hashing algorithm. There aren't that many hashing algorithms available in PHP 5.2.

Martijn Yes and no. MD5 is a hashing algorithm, not a key derivation function. Using it for passwords is (basically) wrong no matter what. MD5 is also no longer considered collision proof and people don't need to find your strong password, just something that results in the same hash. That combined wth a consumer graphics card doing 200 million hashes an hour... MD5 and SHA1 are both considered cryptographically broken. PBKDF2 is relatively easily to implement and I think is still acceptable even with MD5/SHA1 hashing algorithms (though don't quote me on it). Probably the best you can do on PHP 5.2 unless you include some bigger library.

🦿 Lucian Marin Does it really matter what algorithm is used? It could be stored in plain text since it's part of a compiled .php file.