elite_prodigy Posted January 13, 2009 Share Posted January 13, 2009 What would be the most secure way to store a password. I know of md5(), but is there something better, or a more efficient way/method of using it? A basic example would be very helpful, as well. Link to comment https://forums.phpfreaks.com/topic/140687-secure-password-storage/ Share on other sites More sharing options...
trq Posted January 13, 2009 Share Posted January 13, 2009 A salted md5 should suffice. Google for examples. Link to comment https://forums.phpfreaks.com/topic/140687-secure-password-storage/#findComment-736301 Share on other sites More sharing options...
dawsba Posted January 13, 2009 Share Posted January 13, 2009 $add = $username; md5($add.md5($password.$add)); Link to comment https://forums.phpfreaks.com/topic/140687-secure-password-storage/#findComment-736312 Share on other sites More sharing options...
jzdexta Posted January 13, 2009 Share Posted January 13, 2009 $password = md5($userName).":".md5($userPassword); This makes both username and password case sensitive Link to comment https://forums.phpfreaks.com/topic/140687-secure-password-storage/#findComment-736331 Share on other sites More sharing options...
rhodesa Posted January 13, 2009 Share Posted January 13, 2009 i tend to see people use md5() for one way encryption...is there a reason people use that directly versus just using crypt() and letting PHP pick the best encryption method? Link to comment https://forums.phpfreaks.com/topic/140687-secure-password-storage/#findComment-736334 Share on other sites More sharing options...
dawsba Posted January 13, 2009 Share Posted January 13, 2009 i'd guess that i use md5 for end user security if for whatever reason my backup data is stolen/lost or otherwise usurped users passwords are not cracked as easily as to be done by decrpt. Thats my own view on it anyhows. Link to comment https://forums.phpfreaks.com/topic/140687-secure-password-storage/#findComment-736348 Share on other sites More sharing options...
rhodesa Posted January 13, 2009 Share Posted January 13, 2009 i'd guess that i use md5 for end user security if for whatever reason my backup data is stolen/lost or otherwise usurped users passwords are not cracked as easily as to be done by decrpt. Thats my own view on it anyhows. what do you mean "by decrpt"? Link to comment https://forums.phpfreaks.com/topic/140687-secure-password-storage/#findComment-736376 Share on other sites More sharing options...
dawsba Posted January 14, 2009 Share Posted January 14, 2009 ignore me I had base64_encode in my head. Link to comment https://forums.phpfreaks.com/topic/140687-secure-password-storage/#findComment-737015 Share on other sites More sharing options...
waynew Posted January 14, 2009 Share Posted January 14, 2009 $password = $_POST['password']; $salt = "lol_3dfthis_is_arfrf(!_salt_so_r&!andom_ololololol"; $password = sha1($salt.$password.$salt); Link to comment https://forums.phpfreaks.com/topic/140687-secure-password-storage/#findComment-737018 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.