Jump to content

Archived

This topic is now archived and is closed to further replies.

Ninjakreborn

hash, sha1

Recommended Posts

I am a little confused on how to hash, and there's not tutorials on it, if I pick salts and I forget what the salt is for each one, I will lose them, the same way with key handling. 
Sha1, Hash, mdhash, how do I hash them then compare the passwords up against the hash after I get the input from the form?

Share this post


Link to post
Share on other sites
I use MD5 hashing for my passwords

$password = "pass";

$md5_pass = md5($password); (insert this into your database)


After your user goes through the login convert the inputed password to md5 (like above) and query your database with it. (SELECT * FROM users where username = $username AND password = $md5_pass)

Something like that.

Hope that helped,
-Chris

Share this post


Link to post
Share on other sites
alright perfect thanks, do you ever use sha1 or other types, and what about salt, I have seen a lot about using salt, is there a purpose?

Share this post


Link to post
Share on other sites
If someone gets a users password (after having been hashed), its _EASY_ to find a collision for it. (allowing them to log in as that user)

If someone gets a users password (after having been salted, then hashed), they may find a collision, but it will do them little good unless they can also get the salt, and algorythum used to hash the password.

Share this post


Link to post
Share on other sites
Ok that was what I don't understand then, how do I overcome the issue, do I use the exact same salt for every single password, like salt it with
$salt = brcca
for instance, just something random, or a big word, or sentence or something, then when I hash the other password for comparison, then I wuold just use the exact same salt, and if used with the same salt for all the passwords, it will work them all correctly right.
I just need hash, get inputted password, hash, then match them up, which is all fine and good, I just want to make sure the salt, using the same oen over and over again, will always have a 100% compared affect.  Unlike the stupid crypt() function, that is totally off.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.