sangoku Posted November 28, 2010 Share Posted November 28, 2010 Hy i read the topic about the md5 insecurity and the collision possibility.... And now i have a following question. Is it not MUCH more secure to store the actual password in the DB then the md5 value of it?? Because you with it eliminate the collision possibility of the md5 completely. And I am aware of the possibility that someone could break into my DB but if I am dumb enough to let someone access my db, but that is not an issue. I can always use a 2way encryption to store the data. Quote Link to comment Share on other sites More sharing options...
worldcom Posted November 28, 2010 Share Posted November 28, 2010 My simple answer for the 'collision' possibility. When I am storing a password for a user, for example, it is stored with an incremented value as an ID in the database. Should an MD5 hash of a password match another one, it will NEVER match the combination of the ID value (incremented value) + the hash value. Quote Link to comment Share on other sites More sharing options...
sangoku Posted November 28, 2010 Author Share Posted November 28, 2010 You miss the point by few miles.... i am talking about the security for md5 versus just storing plain text..... Quote Link to comment Share on other sites More sharing options...
dink87522 Posted November 28, 2010 Share Posted November 28, 2010 No, md5 is defiantly way more secure. I would not want to be a user of your site where you stored passwords in plain text. Quote Link to comment Share on other sites More sharing options...
sangoku Posted November 28, 2010 Author Share Posted November 28, 2010 But plain text stored in a encryption has no collisions... while md5 has. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.