http://qs321.pair.com?node_id=666067


in reply to Re^2: Encryption and MD5
in thread Encryption and MD5

When using MD5 one is not interested in reversing the digest in order to get the original value. Instead, one wants to apply the same method as the original and then compare the results to check if they match.

When I read the post I first thought it would be a web application, you are right to alert to the fact that there could be a middle-man in other scenarios, so there isn't much to do but to collect the information that comes from the browser and work with that. Given the wanted level of security, HTTPS should be considered.

I agree to your concerns on security, but in fact neglected the same values for different users, assuming integrity on DB level.
Still, salt won't solve the problem if it always the same, as it would give the same results for equal passwords. So, salt should be used and constructed in such a manner that it is different for each different user, but produces the same result for any given user. And you can do that while working with Digest::MD5.

There is a lot to say about security, and I am far from being an expert.
Thank you for your input.