something i don't understand about MD5

Anon

ok i know that md5 is a one way hash, and i know how to use it. My question really is, since php is a server side language, how is md5 secure when transfering data? let's say you have a field "password" and you hit the submit button. That text will be transfer clear as day, until it hits the server and the php code encrypts it and adds it to the database. Is there something i'm missing here? Do you have to use SSL still when transfering important data?

peace
sean

brandonschnell

a packet sniffer could pick up the password on its way to the server. for most sites (non-financial/non-commercial) this isn't a concern as it would require that someone have full access to a network or to a computer on the route between the user and the server.

encypting all user data using SSL is a good idea, however is an overkill for many sites.

the main reason to store encypted passwords on the server is to protect the user in case the database is compromised.

johnh

I agree with Brandon, SSL would be required if you need encryption from client to server. MD5, like Brandon said is only to save information in a database, and not something to use for end-to-end encryption.

Anon

do you think if i do md5 with javascript, that would be fairly secure for transfering passwords and some other important data? I'm not tranfering credit card info, but i would like to be fairly secure.

peace
sean

johnh

I have never tried to use MD5 with JavaScript, does it support it? If not, then you're not going to get any security that way.

John

Anon

yah, i know of a way to use md5 and javascript together. I'm just making sure it makes sense that that would be a way to transfer data that could not be read clearly with sniffer or what not. I know SSL would be my best bet, but that's not possible for me right now.

peace
sean

johnh

Good luck then, cuz I don't have any experience with MD5 and javascript. What you might consider doing is getting the md5 hash from php into a javascript variable, and maybe that kick things off in the right direction.

John