[drupal-devel] Contract Module

Kieran Lal kieran at civicspacelabs.org
Tue Jun 7 22:51:18 UTC 2005

On Jun 7, 2005, at 3:25 PM, NSK wrote:

> On Tuesday 07 June 2005 08:40, Nathan Wheatley wrote:
>> MD5, or SHA-1 [...] (MD5 [...] used by Drupal)
> Isn't SHA-1 more secure than MD5? MD5 is 128bit but SHA-1 is 160bit.
> I think both are crackable today, but MD5 is more well-known and  
> therefore an
> easier target for cracking. I recently had to choose between MD5  
> and SHA1 for
> an application, and I chose SHA-1.

It's time dependent.  Just because something CAN be cracked doesn't  
mean it will for the application.   So if you want a password for a  
bank you use something that's harder.  If you are hashing for instant  
messages that will read inside of 5 seconds then MD5 isn't going to  
be broken in that timeframe.

I've yet to hear of MD5 being casually exploited for simple end user  


> -- 
> http://portal.wikinerds.org

More information about the drupal-devel mailing list