Is there a risk of leakage if the website saves MD5 or other methods of encrypting the password?

Source: Internet
Author: User
Is there a risk of a leak if the site saves MD5 or other methods of encrypting the password?
The original password only the user knows, the website also does not know.

And this encryption algorithm plus the site's own password string, so even if the database is compromised, the password is actually useless, neither can be used to log in, nor can be used for multiple sites of the general, even if the user each site used to be the same user name and password.

------Solution--------------------
If the salt is strong enough and there is no leakage. It should be okay.
------Solution--------------------
Explore

I mean if some of the key data, in the upload time has been encrypted, not to mention the hacker, is the site itself does not know the customer's information, because the public encryption algorithm, and users never upload their own password, always only users know. Brute force crack in the case of public encryption algorithm, it is very difficult to crack, in addition to the user to set a very simple password this situation is no solution, if others can guess the password, any security technology is powerless.

The user name, and some of the text classes need to be displayed in the browser content, is not encrypted, because these things need to be public ...

------Solution--------------------
Your understanding is right, individual MD5 is not safe (you can search "online MD5"), this also look at the complexity of user's password. If your site saves the user's original password, then the company's programmers can see the password, and the general user is accustomed to all sites with the same user name and password. Do not say that the data is exported, is a perverted programmer, take the site's user name and password to the large site to try, an estimated 10 must have 7 can log in.
Again despise csdn! I changed all the registered websites.
  • Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.