Disable md5 now - or you will die

Feb 19, 2009 php security
This post is more than 18 months old. Since technology changes too rapidly, this content may be out of date (but that's not always the case). Please remember to verify any technical or programming information with the current release.

I remember a while ago hearing about a few theoretical collisions of the MD5 algorithm, but I thought nothing of them. Now, as more information emerges, Microsoft is issuing advisories, and people are proving more and more collisions with example code, and even md5 is out of vista, I figure its time to remind everyone not to use MD5.

What should I do?

First of all - let’s use sha1 instead - equally as easy of a function to use - but much more secure.

echo sha1('test');



Next, disable it in php using disable_functions in your configuration:


disable_functions = md5

Finally, don’t accidentally use it in your db ;)

Go to All Posts