BillyBoB Posted July 22, 2007
Would it be safer if, instead of just using SHA1 to encrypt passwords for the database, you were to use SHA1 and cut 2 numbers off the back of the string and add the front two, or something like that?
Example:
c1887e2e345687458fbe665a6f7ab46adf64cbf4
turns into:
c1887e2e345687458fbe665a6f7ab46adf64cbc1
Not much of a change, so nobody could tell, but the crackers could never get it...

keeB Posted July 22, 2007
you're funny

BillyBoB (Author) Posted July 22, 2007
This helps me how, by telling me I'm funny??? Wow.... seriously

hackerkts Posted July 22, 2007
md5 would be a better choice; you can make different combinations like sha1 then md5, or even 2 md5. As for your first post, it would be all fine, as long as those crackers didn't know your combination.

Psycho Posted July 22, 2007
You should always apply a "salt" to your password hashing algorithm. Your idea is one such method, but typically people will use something a little more complex. For instance, if you have a column in the user table that won't change, such as joinDate, then you could use that as part of your salt. Take the password and concatenate the join date and then do an MD5 or SHA1 hash (or both).
However, whatever you use is only good for making it difficult for someone to reverse engineer passwords if they gain access to the database. But most such compromises are internal, in which case the thief would also have access to your source files and could see the process you took to hash the passwords.
In my opinion, the best method of securing users' passwords is to create validation that requires the users to use strong passwords. A strong password, once hashed with something like MD5, would be near impossible to crack. However, a weak password with MD5 hashing could be easily found with one of the many lookup tables with values for common words and combinations.

BillyBoB (Author) Posted July 22, 2007
> md5 would be a better choice; you can make different combinations like sha1 then md5, or even 2 md5. As for your first post, it would be all fine, as long as those crackers didn't know your combination.
Um, you do know that SHA1 is the better encrypter out of SHA1 and MD5, right???

redarrow Posted July 22, 2007
Proper example of an encrypted password, ok. Now if you need more encryption, add, as said before, other database conditions concatenated, ok.

```php
<?php
$password = "redarrow";
// Nested hashing: md5 of sha1 of md5 of the password
$password = md5(sha1(md5($password)));
echo $password;
?>
```

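Added example (not part of any post in this thread): PHP that runs the schemes suggested above next to PHP's built-in password_hash() and checks whether two users who chose the same password end up with the same stored hash, which is the property that makes the lookup tables mentioned in the thread effective. The user names, join dates and password are constructed sample values, and the helper function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Users, join dates and the
// password are constructed sample values; helper names are hypothetical.

// First post's idea: SHA1 with the last two hex chars replaced by the first two.
function tail_swap_sha1(string $password): string {
    $h = sha1($password);
    return substr($h, 0, 38) . substr($h, 0, 2);
}

// Nested unsalted hashes, as in the md5(sha1(md5())) post.
function nested_md5_sha1(string $password): string {
    return md5(sha1(md5($password)));
}

// Salt taken from a fixed per-user column (joinDate), as suggested in the thread.
function join_date_salted(string $password, string $joinDate): string {
    return sha1($password . $joinDate);
}

$users = [
    ['name' => 'alice', 'joined' => '2007-07-01', 'password' => 'letmein'],
    ['name' => 'bob',   'joined' => '2007-07-15', 'password' => 'letmein'],
];

$schemes = [
    'tail-swapped sha1' => fn($u) => tail_swap_sha1($u['password']),
    'md5(sha1(md5()))'  => fn($u) => nested_md5_sha1($u['password']),
    'sha1(pw.joinDate)' => fn($u) => join_date_salted($u['password'], $u['joined']),
    // Built-in since PHP 5.5: random per-hash salt and a deliberately slow algorithm.
    'password_hash()'   => fn($u) => password_hash($u['password'], PASSWORD_DEFAULT),
];

foreach ($schemes as $label => $hash) {
    $a = $hash($users[0]);
    $b = $hash($users[1]);
    // Identical stored values mean one precomputed table entry matches
    // every user who picked that password.
    printf("%-20s same hash for both users: %s\n", $label, $a === $b ? 'yes' : 'no');
}

// Verification: the salt and cost are stored inside the hash string itself,
// so no separate salt column is needed.
$stored = password_hash('letmein', PASSWORD_DEFAULT);
var_dump(password_verify('letmein', $stored));   // correct password
var_dump(password_verify('letmein1', $stored));  // wrong password
```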