Reply to post: STOP THIS FORTHWITH! MD5 isn't "cracked"

Dota 2 forums fall under hackers' spell, 1.9m accounts teleported out

Destroy All Monsters Silver badge

STOP THIS FORTHWITH! MD5 isn't "cracked"

MD5 is not worse than anything else for hashing passwords, as long as you add a large salt to prevent rainbow table attacks:

Two real reasons for not using MD5 for hashing the salted passwords is: 1) it's too fast 2) public relations as said here: Why do people still use/recommend MD5 if it is cracked since 1996?

Your correct statement about MD5 being too fast and unsalted aside (because that also goes for the SHA family) I would still stay away from MD5 for a non-technical reason: Public Relations. It's a drag to have to convince your boss or client of what you explain. And tons of technical guys (whose opinions are valued by the same people you are trying to convince) are also deluded. After all, there is plenty of 'proof' on the internet that support their conviction that MD5 should not be used because it was broken in 2004.

For the details, see also this excellent answer:

How to securely hash passwords?

Yep, read it!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon