PHP Hash Comparison Weakness A Threat To Websites, Researcher Says

Discussion in 'other security issues & news' started by Minimalist, May 9, 2015.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    Minimalist, May 9, 2015
    #1
  2. quietman

    quietman Registered Member

    Joined:
    Dec 27, 2014
    Posts:
    511
    Location:
    Earth .... occasionally
    It seems that MD5 and SHA-1 are the most vulnerable to this threat.

    Both of those have been regarded as untrustworthy for quite some time now.

    Best to stick with SHA-256 and SHA-512 IMO , and it appears to be the policy at VirusTotal also.

    This is a handy tool :
    https://raylin.wordpress.com/downloads/md5-sha-1-checksum-utility/

    Don't be put off by the URL , it includes SHA-256 and SHA-512 in the free version.
    The paid version also supports CRC32 and SHA-384.
     
    Last edited: May 10, 2015
    quietman, May 10, 2015
    #2
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...