OK. Now that I have everything working, I figured it would be a good idea to break it. >.< No, just kidding.
I would like to know what the best encryption scheme would be for me to use, though. (Best meaning hardest to break). I've seen small discussions elsewhere about the inadequacies of MD5, but I've also heard that SHA-1 has potential issues as well and brute force hacks could become "feasible" in the next few years.
If this has been discussed, I apologise, and please point me in the right direction.
TIA!!!
Hi, Anocelot,
Well, it depends on how much security you actually want. I think the strongest I'm familiar with is Advanced Encryption Standard (AES). This is a reversible encryption which can use 128, 192 or 256 bit salts. It's been deemed secure enough by the U.S. government to be used up to Top Secret classifications.
Of course, it all depends on securing your salt, also - something that's hard to do on a shared or remote server. But if you're doing things like financial transactions (i.e. a bank), you probably should have your server in a secure location you control.