PHP Hash Comparison Weakness A Threat To Websites, Researcher Says

Discussion in 'other security issues & news' started by Minimalist, May 9, 2015.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,085
  2. quietman

    quietman Registered Member

    Joined:
    Dec 27, 2014
    Posts:
    491
    Location:
    Earth .... occasionally
    It seems that MD5 and SHA-1 are the most vulnerable to this threat.

    Both of those have been regarded as untrustworthy for quite some time now.

    Best to stick with SHA-256 and SHA-512 IMO , and it appears to be the policy at VirusTotal also.

    This is a handy tool :
    https://raylin.wordpress.com/downloads/md5-sha-1-checksum-utility/

    Don't be put off by the URL , it includes SHA-256 and SHA-512 in the free version.
    The paid version also supports CRC32 and SHA-384.
     
    Last edited: May 10, 2015
Loading...