I am researching how to implement a persistent “remember me” type cookie for a site. I was just wondering: is using a GUID for a security token as secure as an MD5 hash of username and password?
A GUID is more “secure”, because there’s no possibility of information disclosure in a random identifier. Otherwise, were the username to be known, the password could be extracted using a per-username rainbow table or a concerted attack since you did not add salt before hashing. NB: MD5 is a rather weak hash at this point.
Long story short, if you don’t need to store private information in cookies for really really good reasons, don’t. Use a random token instead.