DWilliams Posted September 15, 2010

Specifically for hashing a password to be stored in a database. I know SHA1 and MD5 are essentially considered broken. I've been using MD5 with a salt value on all my projects but I'm starting a new project and wondering if there's a stronger algorithm I should be using?

love_bug Posted September 15, 2010

If you are storing treasure, wealth, or gold information with your project you should worry, but for an average website like phpfreaks, MD5 is more than enough, I guess.

AbraCadaver Posted September 15, 2010

> Specifically for hashing a password to be stored in a database. I know SHA1 and MD5 are essentially considered broken. I've been using MD5 with a salt value on all my projects but I'm starting a new project and wondering if there's a stronger algorithm I should be using?

I use MD5, but it depends upon what is available to your system. Use print_r(hash_algos()) to see what's available to use with the hash() or hash_hmac() functions.

thebadbad Posted September 15, 2010

Algorithms in the SHA-2 family are recommended by NIST. Remember that your salt should be a random string with at least as many variable bits as there are bits in the hash result. Then you're good to go!

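
Added example, not part of any post above: one way to apply the advice in this thread in PHP, using a SHA-2 algorithm through hash_hmac() with a random salt as long as the digest. The function names, the `salt$digest` record format and the sample passwords are assumptions made for this illustration; it requires PHP 7 or later for random_bytes().

```php
<?php
// Added illustration; names and record format are assumptions, not from the thread.
const ALGO = 'sha256'; // a SHA-2 family algorithm

// Build a "hexsalt$hexdigest" record suitable for one database column.
function make_record(string $password): string
{
    // Confirm the algorithm exists on this system, as suggested in the thread
    if (!in_array(ALGO, hash_algos(), true)) {
        throw new RuntimeException(ALGO . ' is not available on this system');
    }
    // Digest length in bytes; the salt gets the same number of random bytes
    $len  = strlen(hash(ALGO, '', true));
    $salt = random_bytes($len);
    // Keying the HMAC with the salt keeps salt and password clearly separated
    $digest = hash_hmac(ALGO, $password, $salt, true);
    return bin2hex($salt) . '$' . bin2hex($digest);
}

// Recompute the digest with the stored salt and compare in constant time.
function check_record(string $password, string $record): bool
{
    $parts = explode('$', $record);
    if (count($parts) !== 2 || !ctype_xdigit($parts[0]) || !ctype_xdigit($parts[1])) {
        return false; // malformed record
    }
    $salt     = @hex2bin($parts[0]);
    $expected = @hex2bin($parts[1]);
    if ($salt === false || $expected === false) {
        return false; // odd-length hex
    }
    $actual = hash_hmac(ALGO, $password, $salt, true);
    return hash_equals($expected, $actual);
}

// Constructed sample values
$first  = make_record('correct horse');
$second = make_record('correct horse');
var_dump(check_record('correct horse', $first)); // matching password
var_dump(check_record('wrong guess', $first));   // non-matching password
var_dump($first !== $second);                    // same password, separate salts
var_dump(check_record('correct horse', 'not-a-record')); // malformed input
```

On PHP 5.5 and later, the built-in password_hash() and password_verify() cover the same steps (salt generation, storage format, comparison) with a deliberately slow algorithm.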