Open tschwaab1 opened 3 years ago
MD5 is not reccomended because of brute-force attacks, because the response is too quick and hence it saves time for the hacker, it gives him more time to make more brute-force trials. Under the assumption that the other groups will not try to hach our app with brute-force style, because it takes time and domain knowledge, which they dont have, MD5 should not be a problem.
still, here some other a bit extra-complicated options: https://github.com/themattharris/PHP-Blowfish/blob/master/blowfish.php https://www.php.net/manual/en/function.password-hash.php https://www.w3schools.com/php/func_string_crypt.asp
Reason: https://webmasters.stackexchange.com/questions/28384/is-the-php-method-md5-secure-can-it-be-used-for-passwords