  1. #1
    Regular Coder
    Join Date
    Jul 2010
    Location
    Sheffield
    Posts
    824
    Thanks
    93
    Thanked 18 Times in 18 Posts

    Good encryption method

    I'm wondering what other/better encryption methods PHP has other than hash("sha256" and md5.

    Also what would a good way of salting a password be? I was thinking hash a username then add that to the password somehow but that's probably a stupid idea :P

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    Sha256 or 512 are your best bets nowadays. MD5 has long been exploited.
    That sounds like a good salting to me. Whether you hash it or not is really up to you; my dynamic salt is typically a 3 or 4 random char provided for each user.

  • #3
    Regular Coder
    Join Date
    Jul 2010
    Location
    Sheffield
    Posts
    824
    Thanks
    93
    Thanked 18 Times in 18 Posts
    Ahh okay, thanks. Does double hashing make it better?

    E.g.
    PHP Code:
    $Password = $_POST['password'];

    $Password = hash("sha256", hash("sha512", $Password));
    Last edited by tomharto; 08-19-2011 at 06:16 PM.

  • #4
    Super Moderator
    Join Date
    Feb 2009
    Location
    England
    Posts
    539
    Thanks
    8
    Thanked 63 Times in 54 Posts
    Single hash will do fine. Use hash_hmac(). I use a double-salting method. I store one salt with the hash in the database, and have a global hash in the config for the project. I then use hash_hmac('sha512', $value, $dbSalt.$configSalt)

    If you're incredibly paranoid, use http://www.lamped.co.uk/utility/saltGenerator.php - yes it's mine. Shameless self-promotion.

    I would stick with sha512 for the foreseeable future. Storage isn't really an issue in this modern fancy age of big hard disks.
    lamped.co.uk :: Design, Development & Hosting
    marcgray.co.uk :: Technical blog
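
The scheme from post #4 (a per-user salt stored in the database plus a site-wide salt from config, fed to hash_hmac()), as an added example that is not code from the thread, shown beside PHP's built-in password_hash()/password_verify(), which generates its own salt and is deliberately slow per guess. CONFIG_SALT, the function names and the sample password are assumptions made for illustration; random_bytes() needs PHP 7 or later.

```php
<?php
// Added example, not code from the thread. CONFIG_SALT and all function
// names are hypothetical; the salt value is a constructed placeholder.
const CONFIG_SALT = 'constructed-placeholder-site-wide-salt';

// Post #4's scheme: HMAC-SHA512 keyed with per-user salt . config salt.
function hmac_make(string $password): array
{
    $dbSalt = bin2hex(random_bytes(16)); // per-user salt, stored beside the hash
    $hash = hash_hmac('sha512', $password, $dbSalt . CONFIG_SALT);
    return ['salt' => $dbSalt, 'hash' => $hash];
}

function hmac_check(string $password, array $row): bool
{
    $calc = hash_hmac('sha512', $password, $row['salt'] . CONFIG_SALT);
    return hash_equals($row['hash'], $calc); // constant-time comparison
}

// Built-in alternative: salt and cost are embedded in the returned string.
function builtin_make(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

function builtin_check(string $password, string $stored): bool
{
    return password_verify($password, $stored);
}

// Average wall-clock milliseconds for one call of $fn over $n runs.
function ms_per_call(callable $fn, int $n): float
{
    $start = microtime(true);
    for ($i = 0; $i < $n; $i++) { $fn(); }
    return (microtime(true) - $start) * 1000 / $n;
}

$pw = 'correct horse battery staple'; // constructed sample input
$a = hmac_make($pw);
$b = hmac_make($pw); // a second user choosing the same password
var_dump($a['hash'] === $b['hash']);   // do two users' hashes collide?
var_dump(hmac_check($pw, $a), hmac_check('wrong guess', $a));

$stored = builtin_make($pw);
var_dump(builtin_check($pw, $stored), builtin_check('wrong guess', $stored));

// What one guess costs an offline cracker under each scheme.
printf("hmac: %.4f ms/guess\n", ms_per_call(fn() => hmac_check($pw, $a), 1000));
printf("builtin: %.4f ms/guess\n", ms_per_call(fn() => builtin_check($pw, $stored), 5));
```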

  • #5
    New Coder
    Join Date
    Nov 2008
    Posts
    12
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by tomharto View Post
    Ahh okay, thanks. Does double hashing make it better?

    E.g.
    PHP Code:
    $Password = $_POST['password'];

    $Password = hash("sha256", hash("sha512", $Password));
    Double hashing won't make it better or worse and the only method to figure out the password remains cracking.

