Is this a good way to hash passwords?
Hi guys how are things :)
Ive recently been thinking of ways to make my passwords a little less hackable.
Ive been thinking of using bcrypt or scrypt but in my way of thinking its not how good the hash encryption algorithm is but how you set your passwords out.
I maybe wrong here as i have only been in this industry for 18 months.
But i was thinking of having a salt password and pepper in sha256 which i know is not the best but still has a 256bit encryption which will slow the hacker down a few seconds lol..
Then i was thinking of cutting the password into 20 and scrambling it.
Can someone tell me if this is worth it or am i just playing with stuff that wont make any difference?
$salt = hash('sha256', '&^RVNH.dsf(&');
$pepper = hash('sha256' , rand(1,9999) . rand('a','z') . rand(1.999));
$passraw = $salt . hash('sha256', $password) . $pepper . '9s8fj2ms';
$p1 = substr($passraw,0,10);
$p2 = substr($passraw,10,10);
$p3 = substr($passraw,20,10);
$p4 = substr($passraw,30,10);
$p5 = substr($passraw,40,10);
$p6 = substr($passraw,50,10);
$p7 = substr($passraw,60,10);
$p8 = substr($passraw,70,10);
$p9 = substr($passraw,80,10);
$p10 = substr($passraw,90,10);
$p11 = substr($passraw,100,10);
$p12 = substr($passraw,110,10);
$p13 = substr($passraw,120,10);
$p14 = substr($passraw,130,10);
$p15 = substr($passraw,140,10);
$p16 = substr($passraw,150,10);
$p17 = substr($passraw,160,10);
$p18 = substr($passraw,170,10);
$p19 = substr($passraw,180,10);
$p20 = substr($passraw,190,10);
$passencrypt = $p2 . $p5 . $p19 . $p11 . $p1 . $p15 . $p7 . $p18 . $p3 . $p20 . $p17 . $p16 . $p4 . $p10 . $p8 . $p12 . $p14 . $p9 . $p13 . $p6;
For got to mention because the pepper is random, this is stored in a different table within the database to retrieve it when login is in effect.