On 10/14/05, Dan McCullough <[EMAIL PROTECTED]> wrote: > some logic and information. > set the cookie to expire after 120 days or so, or never. you will > have to set a cookie with the username and password, preferably a md5 > encrypted password. also remember to have the logout function to > remember those cookies.
I wouldn't use md5 on anything even slightly important. Since the initial hash collision discoveries were made earlier this year, md5 look-up sites are starting to pop up: http://md5.crysm.net/ http://passcracking.com/ For those wanting to get up to speed on md5 history and the current hash collisions work being done: http://en.wikipedia.org/wiki/Md5 Md5 has been adequate for 15 or so years, but now it's time to move on. Disclaimer: There are only 5 or 6 people in the entire world who know anything about encryption. I am not one of them. -- Greg Donald Zend Certified Engineer MySQL Core Certification http://destiney.com/
