BillyBoB Posted July 22, 2007

Would it be safer if you were to, like, instead of just using SHA1 to encrypt passwords for the database, use SHA1 and cut 2 numbers off the back of the string and add the front two, or something like that?

Example: c1887e2e345687458fbe665a6f7ab46adf64cbf4

turns into: c1887e2e345687458fbe665a6f7ab46adf64cbc1

Not much of a change, so nobody could tell, but the crackers could never get it...
keeB Posted July 22, 2007

you're funny
BillyBoB (Author) Posted July 22, 2007

This helps me how, by telling me I'm funny??? Wow.... seriously
hackerkts Posted July 22, 2007

MD5 would be a better choice; you can make different combinations like SHA1 then MD5, or even 2 MD5. As for your first post, it would be fine, as long as those crackers didn't know your combination.
Psycho Posted July 22, 2007

You should always apply a "salt" to your password hashing algorithm. Your idea is one such method, but typically people will use something a little more complex. For instance, if you have a column in the user table that won't change, such as joinDate, then you could use that as part of your salt. Take the password and concatenate the join date and then do an MD5 or SHA1 hash (or both).

However, whatever you use is only good against making it difficult for someone to reverse engineer passwords if they gain access to the database. But most such compromises are internal, in which case the thief would also have access to your source files and could see the process you took to hash the passwords.

In my opinion, the best method of securing users' passwords is to create validation that requires the users to use strong passwords. A strong password, once hashed with something like MD5, would be near impossible to crack. However, a weak password with MD5 hashing could be easily found with one of the many lookup tables with values for common words and combinations.
BillyBoB (Author) Posted July 22, 2007

> MD5 would be a better choice; you can make different combinations like SHA1 then MD5, or even 2 MD5. As for your first post, it would be fine, as long as those crackers didn't know your combination.

Um, you do know that SHA1 is the better encrypter out of SHA1 and MD5, right???
redarrow Posted July 22, 2007

Proper example of an encrypted password, OK. Now if you need more encryption, add, as said before, other database conditions concatenated, OK.

```php
<?php
// Nested hash chain: MD5, then SHA1, then MD5 again.
$password = "redarrow";
$password = md5(sha1(md5($password)));
echo $password;
?>
```
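An added example (not code from any poster in this thread) that runs the schemes discussed above next to PHP's built-in password_hash() and password_verify(), which were added in PHP 5.5, after this thread was written. The user records, passwords and helper function names are constructed for illustration.

```php
<?php
// Added example; the user records and passwords are constructed sample data.
$users = [
    ['name' => 'alice', 'joinDate' => '2007-07-22', 'password' => 'letmein'],
    ['name' => 'bob',   'joinDate' => '2007-07-22', 'password' => 'letmein'],
];

// The three schemes proposed in the thread. Each is a fast, fixed function
// of its inputs, so anyone who reads the source can recompute it.
function tweakedSha1(string $pw): string {
    $h = sha1($pw);
    return substr($h, 0, 38) . substr($h, 0, 2); // drop last 2 hex chars, append first 2
}
function nestedHash(string $pw): string {
    return md5(sha1(md5($pw)));
}
function joinDateSalted(string $pw, string $joinDate): string {
    return sha1($pw . $joinDate);
}

function report(string $label, string $a, string $b): void {
    printf("%-28s stored values %s\n", $label, hash_equals($a, $b) ? 'IDENTICAL' : 'differ');
}

[$a, $b] = $users;

// Two accounts with the same password: a deterministic scheme stores the same
// value for both, so one precomputed table entry matches every such account.
report('tweaked SHA1', tweakedSha1($a['password']), tweakedSha1($b['password']));
report('md5(sha1(md5()))', nestedHash($a['password']), nestedHash($b['password']));
// A join date is low-entropy and shared by everyone who signed up that day.
report('SHA1 with joinDate salt',
    joinDateSalted($a['password'], $a['joinDate']),
    joinDateSalted($b['password'], $b['joinDate']));

// password_hash() draws a fresh random salt on every call and uses a
// deliberately slow algorithm with a tunable cost; the salt and cost are
// encoded in the returned string, so no separate salt column is needed.
$ha = password_hash($a['password'], PASSWORD_DEFAULT);
$hb = password_hash($b['password'], PASSWORD_DEFAULT);
report('password_hash()', $ha, $hb);

// Login check: password_verify() re-derives the hash using the stored salt.
printf("correct password accepted: %s\n", password_verify('letmein', $ha) ? 'yes' : 'no');
printf("wrong password accepted:   %s\n", password_verify('letmein1', $ha) ? 'yes' : 'no');
```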
Archived
This topic is now archived and is closed to further replies.