  1. #1
    Regular Coder
    Join Date
    Aug 2007
    Location
    maine,usa
    Posts
    151
    Thanks
    2
    Thanked 1 Time in 1 Post

    User passwords for login

    I'm trying to figure out the best way to store them in my database: sha or md5 or something else?

  • #2
    Senior Coder
    Join Date
    Apr 2007
    Location
    Quakertown PA USA
    Posts
    1,028
    Thanks
    1
    Thanked 125 Times in 123 Posts
    I typically hash them using sha1(), it is somewhat more secure than md5.

  • #3
    New Coder
    Join Date
    Dec 2006
    Location
    Denver, Colorado
    Posts
    17
    Thanks
    0
    Thanked 0 Times in 0 Posts
    For what it's worth, I also always store passwords as sha1() hashes. VARCHAR(40) holds them nicely.

  • #4
    Regular Coder
    Join Date
    Mar 2007
    Location
    Quebec
    Posts
    261
    Thanks
    6
    Thanked 7 Times in 7 Posts
    hmm I use MD5(). I've just thought up an idea to double MD5 encryption. Have the password hashed once, and then the hashed value hashed again. I'm about to test it out and see how easy it would be to crack a hash that also has a hash value. My instinct tells me it would be fairly easy to crack but I'll find out for sure.

  • #5
    Regular Coder westmatrix99's Avatar
    Join Date
    Dec 2006
    Location
    South Africa
    Posts
    307
    Thanks
    12
    Thanked 0 Times in 0 Posts
    Sorry for this odd question but does your site actually get cracked? (not hacked but cracked)
    What would they gain?
    I mean you're not a bank or anything are you?
    Thanks for your support!

  • #6
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,638
    Thanks
    2
    Thanked 404 Times in 396 Posts
    Originally posted by fl00d:
        hmm I use MD5(). I've just thought up an idea to double MD5 encryption. Have the password hashed once, and then the hashed value hashed again.
    vBulletin uses something similar to that, with a random salt added.

    Originally posted by westmatrix99:
        Sorry for this odd question but does your site actually get cracked? (not hacked but cracked)
        What would they gain?
        I mean you're not a bank or anything are you?
    It doesn't matter.. no one wants their site cracked. Whether you run a bank or a blog, it's always a bad thing.

  • Users who have thanked Inigoesdr for this post:

    westmatrix99 (08-21-2007)

  • #7
    Regular Coder westmatrix99's Avatar
    Join Date
    Dec 2006
    Location
    South Africa
    Posts
    307
    Thanks
    12
    Thanked 0 Times in 0 Posts
    Ok it's personal preference.
    Thanks for your support!

  • #8
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,638
    Thanks
    2
    Thanked 404 Times in 396 Posts
    It shouldn't be personal preference. You have an implied responsibility to do the most you can to protect your users' personal information.

  • #9
    Regular Coder westmatrix99's Avatar
    Join Date
    Dec 2006
    Location
    South Africa
    Posts
    307
    Thanks
    12
    Thanked 0 Times in 0 Posts
    All I am saying is that unless you are a bank or store some serious information then hashing and bashing makes no sense.

    Ok what you say is true that you should protect the data but trying to crack a website is childish.

    It's never happened to me. ("touch wood")
    I would love to see someone try and crack my site and hear how long it took them to figure out that they can't.
    Thanks for your support!

  • #10
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,638
    Thanks
    2
    Thanked 404 Times in 396 Posts
    Originally posted by westmatrix99:
        All I am saying is that unless you are a bank or store some serious information then hashing and bashing makes no sense.

        Ok what you say is true that you should protect the data but trying to crack a website is childish.

        It's never happened to me. ("touch wood")
        I would love to see someone try and crack my site and hear how long it took them to figure out that they can't.
    No offense, but just because it's childish doesn't mean people won't do it.
    And I seriously doubt that your site can't be cracked. If it's connected to the internet, then there's a way to get to it.

  • #11
    Regular Coder westmatrix99's Avatar
    Join Date
    Dec 2006
    Location
    South Africa
    Posts
    307
    Thanks
    12
    Thanked 0 Times in 0 Posts
    Cool cheers.
    Thanks for your support!

  • #12
    Senior Coder rafiki's Avatar
    Join Date
    Aug 2006
    Location
    Floating around somewhere...
    Posts
    2,042
    Thanks
    19
    Thanked 42 Times in 42 Posts
    I sha1() passwords all the time, probably always will.

  • Users who have thanked rafiki for this post:

    westmatrix99 (08-21-2007)

  • #13
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,638
    Thanks
    2
    Thanked 404 Times in 396 Posts
    I call your sha1() and raise you hash('sha256', $string);

  • Users who have thanked Inigoesdr for this post:

    rafiki (08-21-2007)

  • #14
    Senior Coder rafiki's Avatar
    Join Date
    Aug 2006
    Location
    Floating around somewhere...
    Posts
    2,042
    Thanks
    19
    Thanked 42 Times in 42 Posts
    fold. lol

  • Users who have thanked rafiki for this post:

    westmatrix99 (08-21-2007)

  • #15
    Regular Coder
    Join Date
    Aug 2007
    Location
    maine,usa
    Posts
    151
    Thanks
    2
    Thanked 1 Time in 1 Post
    I'm going to do the following
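    PHP Code:
    // SHA-1 of the raw password, then MD5 of that digest
    $temp = sha1($passwd);
    $password = md5($temp);
    // 5-character salt taken from the MD5 of a unique id
    $salt = substr(md5(uniqid(rand(), true)), 0, 5);
    // stored value: MD5 of the salt concatenated with MD5 of $password
    $secure_password = md5($salt . md5($password));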
    Suggestions?
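
Added example, not part of the original thread: the chain from post #15 next to PHP's built-in password_hash() / password_verify(), with existing rows upgraded at the next successful login. The function names and the $row layout are hypothetical, and it assumes PHP 7 or later.

```php
<?php
// Added example; function names and the $row layout are hypothetical.

// The chain proposed in post #15: fast hashes stacked on a short salt.
// Stacking md5/sha1 adds no meaningful work factor per guess.
function legacy_hash(string $passwd, string $salt): string
{
    $password = md5(sha1($passwd));
    return md5($salt . md5($password));
}

// Check a login against either storage format and upgrade legacy rows.
// $row is a constructed user record: ['hash' => string, 'salt' => ?string].
function verify_and_upgrade(string $passwd, array &$row): bool
{
    if ($row['salt'] !== null) {
        // Legacy row: recompute the chain and compare in constant time.
        if (!hash_equals($row['hash'], legacy_hash($passwd, $row['salt']))) {
            return false;
        }
        // The plaintext is available only now, so re-hash it with a slow,
        // per-password-salted algorithm and retire the separate salt column.
        $row['hash'] = password_hash($passwd, PASSWORD_DEFAULT);
        $row['salt'] = null;
        return true;
    }
    if (!password_verify($passwd, $row['hash'])) {
        return false;
    }
    // Re-hash when the server's default algorithm or cost has been raised.
    if (password_needs_rehash($row['hash'], PASSWORD_DEFAULT)) {
        $row['hash'] = password_hash($passwd, PASSWORD_DEFAULT);
    }
    return true;
}

// Constructed sample record stored with the post #15 scheme.
$salt = substr(md5(uniqid((string) rand(), true)), 0, 5);
$row  = ['hash' => legacy_hash('correct horse', $salt), 'salt' => $salt];

var_dump(verify_and_upgrade('wrong guess', $row));   // attempt with a wrong password
var_dump(verify_and_upgrade('correct horse', $row)); // legacy path, row is upgraded
var_dump($row['salt'] === null);                     // separate salt column retired
var_dump(verify_and_upgrade('correct horse', $row)); // password_verify() path
```

The output of password_hash() is longer than the 40 characters mentioned in post #3; the PHP manual recommends a 255-character column so the default algorithm can change later.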

