Password encryption in MD5? [duplicate]

MD5 is no longer trusted, it is a hash function that is already obsolete.

If by chance an attacker has access to your DB and extracts the hashes just use this, link , like hundreds of other tools to crawl hashes of this type, knowing the respective actual passwords to the hashes stored in the DB. I do not say it will decipher all, but most of them.

I'm not sure if this is the case, but I'm not sure if this is the case. , sha256 etc ... there are good alternatives.

In case of php > = 5.5 you can use a native function, link , this, at the time of this response, uses bcrypt

MD5 it is a no-return encoding encryption. After encoded it can not be reverted. I have seen somewhere that this algorithm has a certain vulnerability because it is possible to do calculations that can hit the generated hash without having the value that was encoded at startup.

Security: Hash encryptions are used ONLY for comparison. An example of its use: Login system. When the user enters his password, the front side is generated the hash of this passwords and is sent to the back side where the server takes the hash that is already in the bank and compares with the one received if the hashes are equal permission granted if not denied permission. In a situation where this hash gets out of the DB and is re-entered in the login field, a new hash will be generated only if this has a different hash than in the DB preventing a valid login.

Some beings dedicated to knowing the possibility of not being able to decrypt the hash create bd with the initial passwords and the hash side by side. so that in a possible query the proposed hash will be compared to all that are there in the database.

A brute force attack can break the security of the hash if the proposed password is weak eg 123, an algorithm can generate several random passwords until it drops to 123 so the hash will be found.

Summarizing hash encryptions are used to authenticate an information without exposing it directly. I hope I have helped.