MD5 (Re: [prog] web authentication)
Mary
mary-linuxchix at puzzling.org
Thu Nov 10 09:39:01 EST 2005
On Wed, Nov 09, 2005, Caroline Johnston wrote:
> I want a reasonably secure login system for a web-app and I'm not quite
> sure how to set it up. I had a bit of a google and I reckon I can send a
> random number to the browser and MD5 the number with the password
> client-side
MD5 is not recommended for security use anymore: the ability to generate
collisions is too good. See http://en.wikipedia.org/wiki/MD5
Current thinking seems to be that there's a little while left in the the
SHA-* hashes.
-Mary
More information about the Programming
mailing list