Jump to content
  • 0
Sign in to follow this  
Followers 0

Hashing a password


Question

Posted

Using PHP, is there a built-in function for hashing a password (a string) before storing it in a MySQL database? I'm trying to build a registration page and don't want to store passwords in clear-text.

Share this post


Link to post
Share on other sites

11 answers to this question

  • 0

Posted

yeah md5() however its good idea to 'salt' it as well.

Share this post


Link to post
Share on other sites
  • 0

Posted

For example, the MD5 hash:
[url="http://php.net/manual/de/function.md5.php"]http://php.net/manual/de/function.md5.php[/url]

Share this post


Link to post
Share on other sites
  • 0

Posted

[quote name='stevember' timestamp='1329071098' post='594650550']
yeah md5() however its good idea to 'salt' it as well.
[/quote]How would I salt it?

Share this post


Link to post
Share on other sites
  • 0

Posted

Here's a (variation of the) function I use in my sites:

[php]function passwordHash($unencrypted, $usernameOrOtherStaticVar)
{
$salt = md5(strtolower($usernameOrOtherStaticVar) . 'someSaltHere');
return hash('sha512', $salt . $unencrypted);
}[/php]

Salted and double hashed :)
1 person likes this

Share this post


Link to post
Share on other sites
  • 0

Posted

you could use your own encryption 128 bit anyone?

Share this post


Link to post
Share on other sites
  • 0

Posted

[quote name='SPEhosting' timestamp='1329071741' post='594650588']
you could use your own encryption 128 bit anyone?
[/quote]
You shouldn't reinvent the wheel when it comes to cryptography... besides SHA512 is (at least) 4x stronger.

Share this post


Link to post
Share on other sites
  • 0

Posted

[quote name='-Alex-' timestamp='1329072100' post='594650596']
You shouldn't reinvent the wheel when it comes to cryptography... besides SHA512 is (at least) 4x stronger.
[/quote]


function protect($email) {
$key = 'insert-random-key-here';
$size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
$iv = mcrypt_create_iv($size,MCRYPT_DEV_URANDOM);
return mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $email, MCRYPT_MODE_ECB, $iv);
}

this is what I use to encrypt emails, I am still undecided what to have as my passwords but I have been using md5 for the past 5 years so ya knoowww

obviously I know the benefits of irreversible hashing, but I also know the benefits to a random key which you can then reverse..

have not tried it out but do you think encrypting the hashing would be any use? or just cause an error?

Share this post


Link to post
Share on other sites
  • 0

Posted

Learned something new today! Thanks Alex!

Share this post


Link to post
Share on other sites
  • 0

Posted

PHP functions:
sha1(), md5(), mcrypt (not always available)

MySQL functions:
sha2(key_size, 'string')
key_size = 192, 256, 512, etc.

Share this post


Link to post
Share on other sites
  • 0

Posted

[quote name='SPEhosting' timestamp='1329072308' post='594650604']this is what I use to encrypt emails, I am still undecided what to have as my passwords but I have been using md5 for the past 5 years so ya knoowww[/quote]
MD5 has been proven to be very insecure nowadays (Google 'rainbow tables'... also it doesn't take very long to crack).

SHA1 has also succumbed to the same fate.

Thus SHA256/512 is recommended nowadays.

Also, using a salt in any of them functions prevents rainbow tables from being used.

[quote name='Jose_49' timestamp='1329072423' post='594650608']
Learned something new today! Thanks Alex!
[/quote]
Glad I could teach someone something! :)
2 people like this

Share this post


Link to post
Share on other sites
  • 0

Posted

[quote name='-Alex-' timestamp='1329074057' post='594650644']
MD5 has been proven to be very insecure nowadays (Google 'rainbow tables'... also it doesn't take very long to crack).

SHA1 has also succumbed to the same fate.
[/quote]
Yep. The US government has said that government departments must phase our their usage.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.