PHP Security update

[bowersbros]

MD5 and SHA1 have been found to have several flaws, and shouldnt really be used for security purposes. They can be cracked fairly easily.

To compensate for this, SHA-2 was produced, which although similar to SHA1, the same flaws couldn't be found.

In 2005, however. Flaws were found with SHA2.

SHA3 is currently in production, and is due to be released in 2012.

When it does get released, which should be in the Q3 or 4 of this year I believe; we should try to adopt it as quickly as possible.

http://en.wikipedia.org/wiki/MD5
http://en.wikipedia.org/wiki/SHA-2

[Curia]

And hopefully a fatal flaw isnt found to fast in it either. There isnt a current "beta" style kit for it is there? Although being a security encryption, they probs dont really want to release one.

[jacek]

All types of hash are crackable with enough time and enough CPU power.

It's worth thinking about, but for the stuff we normally deal with here it makes more sense to worry about stopping people getting hold of the hashes.

[EcazS]

Enough time and enough CPU power AND enough GPU power....

[bowersbros]

Or when they build a sufficient quantum computer, it will be able to do every single possability at once.

That will be the day hackers take over

[jacek]

Enough time and enough CPU power AND enough GPU power....

A GPU is just a CPU with many many cores and dedicated to graphics processing.

[EcazS]

A GPU is just a CPU with many many cores and dedicated to graphics processing.

Exactly