...

View Full Version : Good encryption method



tomharto
08-19-2011, 03:14 PM
Im wondering what other/better encryption methods PHP has other than hash("sha256" and md5.

Also what would a good way of salting a password be? I was thinking hash a username then add that to the password somehow but thats probably a stupid idea :P

Fou-Lu
08-19-2011, 03:16 PM
Sha256 or 512 are your best bets nowadays. MD5 has long been exploited.
That sounds like a good salting to me. Whether you hash it or not is really up to you; my dynamic salt is typically a 3 or 4 random char provided for each user.

tomharto
08-19-2011, 05:42 PM
Ahh okay, thanks :). Does double hashing make it better?

E.g.


$Password = $_POST['password'];

$Password = hash("sha256", hash("sha512", $Password));

Lamped
08-19-2011, 10:11 PM
Single hash will do fine. Use hash_hmac(). I use a double-salting method. I store one salt with the hash in the database, and have a global hash in the config for the project. I then use hash_hmac('sha512', $value, $dbSalt.$configSalt)

If you're incredibly paranoid, use http://www.lamped.co.uk/utility/saltGenerator.php - yes it's mine. Shameless self-promotion.

I would stick with sha512 for the foreseeable future. Storage isn't really an issue in this modern fancy age of big hard disks.

hip_hop_x
08-20-2011, 02:56 AM
Ahh okay, thanks :). Does double hashing make it better?

E.g.


$Password = $_POST['password'];

$Password = hash("sha256", hash("sha512", $Password));



Double hashing won't make it better or worst and the only method to figure out the password remains cracking.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum