Encryption

[The14thGOD]

Ok, I know I'm probably opening myself up to 'read the manual' or 'google' but I have and am still confused or finding things from 2001. (Sorry, this seemed to be the best area to put this in, I was looking for a 'general' category but didn't see one.)

 

What is the current best encryption? I used to use md5 but I hear that's not very secure. I've seen people say sha512 or AES. Can anyone enlighten me (link articles if you wish). I'm only securing passwords for a private site, but I'm looking to learn more. This is a side project I'm doing to kill time.

 

I plan to use salt(s) to also help in a method I read and it sounded good. Option was basically a random salt in the database as well as a salt not in the db (each user has their own salt as well as a site wide one). Though I'm not sure if that's just unnecessary or pointless?

 

Also I was wondering what the best field to store a database in? When people store cookies, do they store your password in them? (I'm hoping to keep the user logged in when they come back the next day or something.)

 

Thanks for any and all help,

Justin

[Jax2]

Here's a good example:

http://www.webcheatsheet.com/php/md5_encrypt_passwords.php

[salathe]

Hashes are "digests", not "encryption" (Source)

[dstar101]

I would suggest you using SHA for hashing password.

SHA can not be decrypt because it is one way only.Instead of decrypting SHA you need to compare it And it works good for password protecting site.MySQL also comes with SHA(),MD5() and other fucntions

[simn_stv]

md5 and sha1 hashes are probably not 100% secure, but what is ever 100%??...

using appropriate salts for your hashes could be suitable for the app ure working on. Of the 2, i'd go with sha as it has a larger bit length (160 i think) compared to md5 (128-bits)  and as a result more secure, "for some definition of security" ; )...