外部MD5ing是否被称为“加密”? [英] Does external MD5ing count as "encryption"?
问题描述
我正在准备一个我的网站的应用程序版本。
I am preparing an app version of one of my websites.
该应用程序需要您登录才能访问您的用户帐户。这个登录过程是通过HTTP而不是HTTPS完成的,但密码是使用MD5和我的服务器上的其他几个哈希存储的。
The app requires you to log in in order to access your user account. This login process is done over HTTP not HTTPS, but the password is stored using MD5 and a few other hashes on my server.
这个密码是否在应用程序,因此要求我提交其中一种出口合规表格?
Does this count as "encryption" within the app, and therefore require me to submit one of those Export Compliance forms?
感谢您的帮助。
推荐答案
我假设你是指美国加密出口限制。那些实际上不再存在。即使它们存在,MD5是一个哈希函数,并且不加密(否则,将有一个 un_md5 function)。
I'm assuming you're referring to the US Cryptography Export restrictions. Those practically don't exist anymore. Even if they would exist, MD5 is a hash function, and does not encrypt (otherwise, there'd be an un_md5 function).
此外,如果禁令仍然存在并适用,您的方案是不必要 <一个href =https://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords> weak ,所以它可能仍然是允许的,就像容易破解的40位对称加密算法是。
Also, if the ban still existed and would be applicable, your scheme is needlessly weak, so it would probably still be allowed, just as easily crackable 40 bit symmetric encryption algorithms were.
这篇关于外部MD5ing是否被称为“加密”?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
