MyBB Community Forums

Full Version: Security at md5 ()
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Good evening! 

I have two questions, but they relate to the same problem. 

I encrypt passwords via md5 () and write them into a database:


$password = md5 ( $password );
I save a cookie with logged-in users with a SessionID and I create it like this (will be checked beforehand if a user already has the same):

$sessionID = md5 ( uniqid ( rand (), true ) );

How safe are these two examples in terms of the fact that, for example, different passwords do not have the same hash? How could a hacker outsmart this and take advantage of it? 


About suggestions for improvement, I am very grateful![img=22x22]data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7[/img]
I would suggest you to drop using md5 hashing. Yes for several reasons, and yes, I know MyBB uses it still, but ...
You should look at PHP's
password_hash()

http://php.net/manual/en/function.password-hash.php