Hey,

What would be the best encryption algorithm to use?
I know / think that if I use both conflictions occur, but am not sure which is better to use!

Gareth

I use sha1, I believe its better encrypted but I'm not positive.

__________________

MD5 has chances of collision, and is a lighter weight hash. While SHA1 does have potential collisions, they are all theoretical at this stage. SHA1 is a military-grade hash algorithm.

__________________
Programmers are in a race with the Universe to create bigger and better idiot-proof programs, while the Universe is trying to create bigger and better idiots. So far the Universe is winning. - Rich Cook

That last part is inaccurate, they use 256 bit encryption. Though I believe (without proof) that the military and government agencies use algorithms not available commercially.

__________________

Of course, but SHA1 was designed by military-grade sources and released to the public after a time. Hashes are simply used for encryption, they do not themselves provide encryption. Hence the freedom to give secure hashes. The encryption algorithm is more important than the hash in cryptology, as a poor cipher will mathematically reveal the hash.

SHA hash functions - Wikipedia, the free encyclopedia -- SHA-0 and SHA-1

__________________
Programmers are in a race with the Universe to create bigger and better idiot-proof programs, while the Universe is trying to create bigger and better idiots. So far the Universe is winning. - Rich Cook

About MD5;

Therefor I choose SHA1 to encode my strings with. I think RobertK quoted it quite well.

MD5 - Wikipedia, the free encyclopedia
Salt (cryptography) - Wikipedia, the free encyclopedia

__________________

"Life is a bitch, take that bitch on a ride"

Wait until quantum encryption picks up.

Wasn't SHA1 cracked by some Chinese professor? Can't remember, but some programmer who use to work for me showed me some article. Let me try and digg it up. Same goes for MD5.

Here we go: The Epoch Times | Chinese Professor Cracks Fifth Data Security Algorithm

Thanks for the link, Sam. I know I had read that awhile back as well. I think for most applications SHA1 will be fine for awhile (esp. when used with a salt). I've used MD5, SHA1 and SHA256 in various applications, with rijndael-256 (AES) in one. As long as you're not storing sensitive data you're fine. I don't think prof. Wang Xiaoyun is that interested in getting into your blog.

__________________

I reject your reality, and substitute my own.

As well as SOCK, thanks for the link Sam. You're on a roll at the moment aren't you?

I've triple encoded my passwords with SHA1 and MD5. Since you'll mostly only use it when loggin in and registering, it won't slow the site down tremendously. Plus, I am using SALT so I'll be fine for a couple of years.

But, the time for change is near. Hopefully PHP will incorporate it into their new PHP 6 or above, but upgrade PHP 4 and 5 with it as well. (since more programs still depend on 4.4.8)

Once again, thanks!

The solution for now is, use it in conjunction. SHA1, MD5 and SALT put together offer a great deal of security.

__________________

"Life is a bitch, take that bitch on a ride"

In fact, ReSpawn, I read an article which says that SHA1 and MD5 put together wasn't secure at all; because it increases collisions!

Just because I can't find the answer to this question myself, I just:

sha1(md5($string));

:)