That’s why they need a little bit of seasoning. Some salt would do the trick. At least it would help with a dictionary/rainbow table based attack anyway
Yep, salt. Also, there are much better options than MD5. I used bcrypt in systems I built a while back. There’s also scrypt and argon2, which are newer. (Just be careful that you don’t create a DoS vulnerability while hardening your login system…)
That’s why they need a little bit of seasoning. Some salt would do the trick. At least it would help with a dictionary/rainbow table based attack anyway
Yep, salt. Also, there are much better options than MD5. I used bcrypt in systems I built a while back. There’s also scrypt and argon2, which are newer. (Just be careful that you don’t create a DoS vulnerability while hardening your login system…)
Yep, and md5 is only used by many because it’s so fast. Cutting corners for speed’s sake is always going to come with a penalty somewhere.
And, you know, checksums, which MD5 is honestly great for
MD5 is vulnerable to collisions, so it’s possible for an attacker to match checksums, too.
You sound very salty for someone this knowledgeable.