it seems like phpbb, mybb, and vbulletin and others i come across all use md5. i'd like to d开发者_如何学Co integration with my main site's authentication with something more secure (sha or just the builtin crypt('password', "$salt")), but don't want to hack up a dependency to pieces so it becomes difficult to upgrade. Any ideas?
What's wrong with MD5? This is what's wrong: MD5 + one salt + another salt applied to a six-character password is breakable these days, with current PC hardware, in seconds, just by brute force alone.
Have a look at this SO discussion and also at this one here.
Then google bcrypt and glance at some of the references.
MD5 just does not do it.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论