Hashing Passwords: Md5 or SHA1

Posted in hashing algorithms, passwords, web security by wwwebber on March 7, 2009

There was recently thread at sitepoint.com about the securing website passwords with 1 hashing (md5 or sha1). Someone was worried about the fact that rainbow tables like programs existed and could often get the original password from the md5. In the end, the person who started the thread and was worried that his 1 way md5 hashing was ineffective did not take into account the fact the rainbow tables are not considering the ‘salt’ that the said webmaster was (hopefully) with his password hashing.

Even more interesting and actually educational for me personally was the fact that combining hashing such as sha1(md5($password)) actually apparently increases the chances for collisions. I didn’t realize this and had in fact gotten that very idea from some open source code I had been using (some forum software)…

Comments Off on Hashing Passwords: Md5 or SHA1