-Hello, I'm a beginner in internet programming and I was wondering about encryption. I read that MD5 encryption is cracked easily, but is it safe enough when there's a captcha? If not, what kind of encryption do you propose?

MD5 is not encryption. MD5 is a hash or message digest (md) algorithm.
Encryption is reversible using known processes.
An MD5 hash produces a standard output of the same size - whether you put in a two-line text file, or a DVD full of photos.
Because the size of the digest is the same, there are bound to be collisions.
Since you cannot directly go from MD5 to a definite plaintext, it is not encryption.
MD5 hashes are often used as a 'signature' to verify the contents of a file or set of files.
When I download the latest version of FluxBox, I want to make sure that nobody has tampered with the ISO I grabbed, and that I didn't get a corrupted file. I run my file through the MD5 algorithm, and compare my result to the published key. If they match, then I probably have a good set of files.
(The hash can be tampered with, too.)
Captcha codes only try to verify that the user on the other end is human.
In turn, this prevents a computer script from using the resources behind (protected by the captcha) it.
Captchas aren't perfect; some have been publicly broken, and others may already be broken but not public.
Basically, they take advantage of the fact that we are good at filling in missing info, and computers are not.
So, using a Captcha will slow down anyone who is attempting to access your resources, both by making them verify they are human each time, and by preventing a computer script from overwhelming your site.
Assuming that both MD5 and Captcha codes work as designed, you / we cannot define "safe enough" until you give us an idea of the application. What are you trying to protect, and why are you choosing these technologies rather than others?
.... If I was protecting my life savings, or a government installation - no, MD5 and Captcha are not enough to ensure security.
.... If you are offering free downloads of programs that you created, and you have nothing else on your web server, then yes - captcha to make sure the user is human, and MD5 so the user can authenticate your program is not corrupted or changed. That should be safe enough.
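
The download check described in the answer above, as an added example that is not part of the original thread: it streams a file through MD5, compares the result with a published checksum line, and shows that the digest length stays the same whatever the input size. The function names, the `md5sum`-style line format (`<hex digest>  <filename>`) and the sample file are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import tempfile

def file_digest(path, algorithm="md5", chunk_size=64 * 1024):
    """Stream the file through the hash so a large ISO never sits in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_checksum_line(line):
    """Split an md5sum-style line into (lowercase hex digest, filename)."""
    digest, _, name = line.strip().partition(" ")
    # md5sum writes two spaces (text mode) or " *" (binary mode) before the name
    return digest.lower(), name.lstrip(" *")

def verify(path, checksum_line, algorithm="md5"):
    """True only if the line names this file and the digests match."""
    expected, name = parse_checksum_line(checksum_line)
    if name != os.path.basename(path):
        return False
    return hmac.compare_digest(file_digest(path, algorithm), expected)

def demo():
    """Run the check on a constructed file, before and after modifying it."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.iso")  # constructed stand-in for a download
        with open(path, "wb") as f:
            f.write(b"constructed sample contents\n" * 1000)
        published = f"{file_digest(path)}  sample.iso"  # what the site would list
        intact = verify(path, published)
        with open(path, "ab") as f:  # simulate corruption or tampering
            f.write(b"x")
        modified = verify(path, published)
        # 32 hex characters (128 bits), no matter how large the input is
        return intact, modified, len(file_digest(path))

if __name__ == "__main__":
    print(demo())
```

A match only shows that the file agrees with the published value, so the value itself has to come from a source you trust, which is the point of the remark above that the hash can be tampered with too.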