note 26022 added to function.md5

	Jimw
	Feb 8, 2003 at 7:50 pm

This is to everyone who said "just store the md5 hash of the users password on the server, then get the user to send the the hash of their password to log in."

This technique is just as bad as sending a clear text password, if an attacker was to intercept the user sending the hash of their password, then all they would need to do is submit the same hash to gain access.

Always use some kind of random variable.

Search Discussions

Discussion Posts

Leigh: This is to everyone who said "just store the md5 hash of the users password on the server, then get the user to send the the hash of their password to log in." This technique is just as bad as sending a clear text password, if an attacker was to intercept the user sending the hash of their password, then all they would need to do is submit the same hash to gain access. Always use some kind of random variable. -- http://www.php.net/manual/en/function.md5.php

Related Discussions

Discussion Navigation

view	thread \| post
posts	‹ prev \| 2 of 2 \| next ›

Discussion Overview

group	php-notes
categories	php
posted	Oct 15, '02 at 12:35p
active	Feb 8, '03 at 7:50p
posts	2
users	2
website	php.net

font	variable	Hotkey: f
user style	avatars	Hotkey: a

note 26022 added to function.md5

Search Discussions

Discussion Posts

Related Discussions

2 users in discussion

Content

People

Support

Translate