3raser Posted March 4, 2012 Share Posted March 4, 2012 I honestly don't think salt is necessary with my system. I currently use: $password = md5(sha1(md5(sha1($_POST['password'])))); Is this good enough when it comes to storing a password, encrypted? Quote Link to comment Share on other sites More sharing options...
trq Posted March 4, 2012 Share Posted March 4, 2012 You know that running your data through md5 and the like multiple times makes it easier to undo right? Quote Link to comment Share on other sites More sharing options...
3raser Posted March 4, 2012 Author Share Posted March 4, 2012 No, could you possibly tell me why? Should I not use MD5 at all and just stick to sha1 three or so times? Quote Link to comment Share on other sites More sharing options...
KevinM1 Posted March 4, 2012 Share Posted March 4, 2012 You shouldn't run ANY hash more than once. Quote Link to comment Share on other sites More sharing options...
Alex Posted March 4, 2012 Share Posted March 4, 2012 md5 or sha1 with a salt is enough. Quote Link to comment Share on other sites More sharing options...
requinix Posted March 4, 2012 Share Posted March 4, 2012 Should I use salt? Yes. And I'm having a hard time coming up with situations where that question, even out of context, would get a different answer. Srsly. Chaining hashes is like multiplying by 0.999. Doing it once or twice leaves you with something comparable to the original, but the more you do it the weaker your result will be. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.