md5

I have a LAMP (PHP) website which is becoming popular. I played it safe by storing the user passwords as md5 hashes. But I now see that's not secure; I should have salted the md5 hash - because it's currently possible to decode unsalted md5 hashes using rainbow tables. What can I do? I don't want to make everyone type a new password. You can do a "2 step hashing" instead of creating a hash in a single step. You could append each password hash to the username, and then hash it again. This will create an undecryptable hash thats salted with unique informations. The usual process of salting is

I am taking the MD5 hash of an image file and I want to use the hash as a filename. How do I convert the hash to a string that is valid filename? EDIT: toString() just gives "System.Byte[]" How about this: string filename = BitConverter.ToString(yourMD5ByteArray); If you prefer a shorter filename without hyphens then you can just use: string filename = BitConverter.ToString(yourMD5ByteArray).Replace("-", string.Empty); System.Convert.ToBase64String As a commenter pointed out -- normal base 64 encoding can contain a '/' character, which obivously will be a problem with filenames. However, there

Does the MD5 algorithm always generate the same output for the same string? Is using a salt the only to produce different output? Yes, otherwise MD5 would be useless for things like file verification. What reason would you have for non deterministic output? Yes, a hash algorithm always produces the same output. If you use the same salt, this will also always produce the same output for a given input. Yes, MD5 always outputs the same given the same input. That's how it's used for passwords. You store the hash in the database, then when the user types their password in, it's hashed again and the

I don't really need to import any data into my D7 build other than users. I have (by SQL) imported my user data however, the D7 password encryption method is now different. I'm not an expert by any stretch of the imagination and I've never used Drush, but I have come across this user_update_7000 code snippet found user.install ( http://api.drupal.org/api/drupal/modules--user--user.install/function/user_update_7000/7 ) <?php require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc'); $old_hash = md5('password'); $hash_count_log2 = 11; $new_hash = user_hash_password(

PHP has a uniqid() function which generates a UUID of sorts. In the usage examples, it shows the following: $token = md5(uniqid()); But in the comments, someone says this : Generating an MD5 from a unique ID is naive and reduces much of the value of unique IDs, as well as providing significant (attackable) stricture on the MD5 domain. That's a deeply broken thing to do. The correct approach is to use the unique ID on its own; it's already geared for non-collision. Why is this true, if so? If an MD5 hash is (almost) unique for a unique ID, then what is wrong from md5'ing a uniqid? A UUID is 128

In my user database table, I take the MD5 hash of the email address of a user as the id. Example: email(example@example.org) = id(d41d8cd98f00b204e9800998ecf8427e) Unfortunately, I have to represent the ids as integer values now - in order to be able to use an API where the id can only be an integer. Now I'm looking for a way to encode the id into an integer for sending an decode it again when receiving. How could I do this? My ideas so far: convert_uuencode() and convert_uudecode() for the MD5 hash replace every character of the MD5 hash by its ord() value Which approach is better? Do you