when saving user's passwords to a sql database, is it really that important to md5 them? if someone has access to the md5 hash code, couldn't they very easily decrypt it?
Hashing is one way - millions of different original values can generate the same hash but if you make a minor change to the original (which could be so small as to be unnoticable) then you end up with a completely different hash.
Hashes such as MD5 are primarily used for detecting changes to the original from which the hash was originally generated. Their use to hide passwords was not intended when MD5 was created.
It has since been discovered that it is not all that hard to work out AN original value that will generate a specific MD5 hash. That doesn't mean that you have worked out what the persons password is just that you have found a value that will achieve the same result of getting into their account. To avoid this problem most systems now use what is known as a "salt" which is a value added to the password and included in the hash. The resultant hash is therefore completely different from the hash obtained without the salt and since the salt is added to the value before hashing it becomes necessary to not only find A value that produces the hash but a value that also includes the salt. That is a much more difficult task because all the effort that went into breaking the MD5 hash for unsalted input would need to be repeated for each salt value in order to break it for a given salt.
Encrypting instead of hashing the password would be pointless since anyone with access to the encrypted copy would also have access to run the decryption module.
Posting Permissions
Bookmarks