Andy11548 Posted January 17, 2012 Share Posted January 17, 2012 Whats the best way to encrypt passwords? Would something like this work? crypt(sha1($salt.md5($salt).'hello'.sha1($salt)), $salt) Quote Link to comment https://forums.phpfreaks.com/topic/255208-password-encrypting/ Share on other sites More sharing options...
litebearer Posted January 17, 2012 Share Posted January 17, 2012 What happened when you tried it? Quote Link to comment https://forums.phpfreaks.com/topic/255208-password-encrypting/#findComment-1308502 Share on other sites More sharing options...
Andy11548 Posted January 17, 2012 Author Share Posted January 17, 2012 It works fine, I'm just wondering if it will be secure. Quote Link to comment https://forums.phpfreaks.com/topic/255208-password-encrypting/#findComment-1308503 Share on other sites More sharing options...
laffin Posted January 17, 2012 Share Posted January 17, 2012 sha1/md5 is not encryption, it's a hashing system. Hashing systems work great for passwords and such because you cant reverse it to get the original. Security is dependent on your script against various attacks. I can store my passwords in plain text, and still be secure. But I have to know a few things about it's usage environment. 1) Dedicated Server 2) Limited Remote MySQL logins (Sometimes I add remote admin users to the MySQL server) 3) I santize/validate external data that gets put into the database Just because a password is encrypted/hashed does not mean secure. Quote Link to comment https://forums.phpfreaks.com/topic/255208-password-encrypting/#findComment-1308511 Share on other sites More sharing options...
Andy11548 Posted January 17, 2012 Author Share Posted January 17, 2012 Yeah, but passwords can be harder to get back to its origional state than others. I can decrypt a MD5 hash in seconds, so MD5 isn't too good to use on its own. I know the security is about your other things, but I want to know if it's a good way to hash a password for extra security. Quote Link to comment https://forums.phpfreaks.com/topic/255208-password-encrypting/#findComment-1308515 Share on other sites More sharing options...
laffin Posted January 20, 2012 Share Posted January 20, 2012 It provides no real extra security, if you have issues of ppl getting the hash, than thats more of a security leak. As I said, I can store all sorts of sensitive information in plain text, as long as I was fairly positive that my script handle the security of external data coming in was sanitized properly. Or that data was going to be handled by non privlidged class users, than I would store data encrypted/hashed. My point was that if you think that md5/sha1 provides security, it doesnt, your script provides security, md5/sha1 just provides a quick check of data without exposing the plain text data Quote Link to comment https://forums.phpfreaks.com/topic/255208-password-encrypting/#findComment-1309586 Share on other sites More sharing options...
Stooney Posted January 20, 2012 Share Posted January 20, 2012 hash('sha512', $string); That's still pretty secure. Quote Link to comment https://forums.phpfreaks.com/topic/255208-password-encrypting/#findComment-1309652 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.