| Encrypt method: |
The algorithm method you want use to encrypt the password.
The extension can encrypt with 3 different algorithm:
- md4
- md5
- sha1
The MD4, MD5 and SHA-1 algorithms are secure hash functions. They take a string input, and produce a fixed size number - 128 bits for MD4 and MD5; 160 bits for SHA-1. This number is a hash of the input - a small change in the input results in a substantial change in the output. The functions are thought to be secure, in the sense that it would require an enormous amount of computing power to find a string which hashes to a chosen value. In others words, there's no way to decrypt a secure hash. The uses of secure hashes include digital signatures and challenge hash authentication. This document is a good introduction to hashes.
MD4 is not considered as secure as the alternatives.
Some weaknesses have recently been discovered in the MD5 and SHA-1 algorithms (more information). The hashes are designed so it is very difficult to find two messages that produce the same hash, this is called "collision resistance". Because MD5 is 128-bit, by random chance you will find a collision by producing 264 hashes. The weakness in MD5 is that a way has been found to produce such collisions with only 242 hashes. This makes producing collisions practical and I have seen an example of 100 different collisons.
|
