hash, sha1

[Ninjakreborn]

I am a little confused on how to hash, and there's not tutorials on it, if I pick salts and I forget what the salt is for each one, I will lose them, the same way with key handling. 
Sha1, Hash, mdhash, how do I hash them then compare the passwords up against the hash after I get the input from the form?

[cmgmyr]

I use MD5 hashing for my passwords

$password = "pass";

$md5_pass = md5($password); (insert this into your database)


After your user goes through the login convert the inputed password to md5 (like above) and query your database with it. (SELECT * FROM users where username = $username AND password = $md5_pass)

Something like that.

Hope that helped,
-Chris

[Ninjakreborn]

alright perfect thanks, do you ever use sha1 or other types, and what about salt, I have seen a lot about using salt, is there a purpose?

[Joe Haley]

If someone gets a users password (after having been hashed), its _EASY_ to find a collision for it. (allowing them to log in as that user)

If someone gets a users password (after having been salted, then hashed), they may find a collision, but it will do them little good unless they can also get the salt, and algorythum used to hash the password.

[Ninjakreborn]

Ok that was what I don't understand then, how do I overcome the issue, do I use the exact same salt for every single password, like salt it with
$salt = brcca
for instance, just something random, or a big word, or sentence or something, then when I hash the other password for comparison, then I wuold just use the exact same salt, and if used with the same salt for all the passwords, it will work them all correctly right.
I just need hash, get inputted password, hash, then match them up, which is all fine and good, I just want to make sure the salt, using the same oen over and over again, will always have a 100% compared affect.  Unlike the stupid crypt() function, that is totally off.