[drupal-devel] Contract Module
Kieran Lal
kieran at civicspacelabs.org
Tue Jun 7 22:51:18 UTC 2005
On Jun 7, 2005, at 3:25 PM, NSK wrote:
> On Tuesday 07 June 2005 08:40, Nathan Wheatley wrote:
>
>> MD5, or SHA-1 [...] (MD5 [...] used by Drupal)
>>
>
> Isn't SHA-1 more secure than MD5? MD5 is 128bit but SHA-1 is 160bit.
>
> I think both are crackable today, but MD5 is more well-known and
> therefore an
> easier target for cracking. I recently had to choose between MD5
> and SHA1 for
> an application, and I chose SHA-1.
It's time dependent. Just because something CAN be cracked doesn't
mean it will for the application. So if you want a password for a
bank you use something that's harder. If you are hashing for instant
messages that will read inside of 5 seconds then MD5 isn't going to
be broken in that timeframe.
I've yet to hear of MD5 being casually exploited for simple end user
applications.
Cheers,
Kieran
>
> --
> NSK
> http://portal.wikinerds.org
>
>
More information about the drupal-devel
mailing list