• 0

Hashing a password


Question

Using PHP, is there a built-in function for hashing a password (a string) before storing it in a MySQL database? I'm trying to build a registration page and don't want to store passwords in clear-text.


11 answers to this question


  • 0

Here's a (variation of the) function I use in my sites:

function passwordHash($unencrypted, $usernameOrOtherStaticVar)
{
  $salt = md5(strtolower($usernameOrOtherStaticVar) . 'someSaltHere');
  return hash('sha512', $salt . $unencrypted);
}

Salted and double hashed :)


  • 0

You shouldn't reinvent the wheel when it comes to cryptography... besides SHA512 is (at least) 4x stronger.

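function protect($email) {
  // Placeholder: mcrypt expects a 16-, 24- or 32-byte key for Rijndael-128.
  $key = 'insert-random-key-here';
  // CBC needs a fresh random IV for every message.
  $size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
  $iv = mcrypt_create_iv($size, MCRYPT_DEV_URANDOM);
  // Encrypt in the same mode the IV was sized for (ECB would ignore the IV),
  // and prepend the IV so the value can be decrypted later.
  return $iv . mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $email, MCRYPT_MODE_CBC, $iv);
}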

this is what I use to encrypt emails, I am still undecided what to have as my passwords but I have been using md5 for the past 5 years so ya knoowww

obviously I know the benefits of irreversible hashing, but I also know the benefits to a random key which you can then reverse..

have not tried it out but do you think encrypting the hashing would be any use? or just cause an error?


  • 0
this is what I use to encrypt emails, I am still undecided what to have as my passwords but I have been using md5 for the past 5 years so ya knoowww

MD5 has been proven to be very insecure nowadays (Google 'rainbow tables'... also it doesn't take very long to crack).

SHA1 has also succumbed to the same fate.

Thus SHA256/512 is recommended nowadays.

Also, using a salt in any of those functions prevents rainbow tables from being used.

Learned something new today! Thanks Alex!

Glad I could teach someone something! :)

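An added example (not posted by anyone in this thread) that answers the original question with PHP's built-in password_hash() and password_verify(), shown beside the salted SHA-512 function from the first answer. It assumes PHP 7 or later; the names threadHash, registerUser and login and all sample values are hypothetical.

```php
<?php
// Added example, not code from the thread. All sample values are constructed.

// The first answer's approach: one fast SHA-512 pass, salt derived from the username.
function threadHash(string $password, string $username): string
{
    $salt = md5(strtolower($username) . 'someSaltHere');
    return hash('sha512', $salt . $password);
}

// Built-in alternative: random salt per hash and a tunable work factor.
// The algorithm, cost and salt are all encoded in the returned string.
function registerUser(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Returns [bool $ok, string|null $newHash]. $newHash is set when the stored
// hash should be replaced because the default algorithm or cost has changed.
function login(string $password, string $storedHash): array
{
    if (!password_verify($password, $storedHash)) {
        return [false, null];
    }
    $newHash = password_needs_rehash($storedHash, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $newHash];
}

$pw = 'correct horse battery staple'; // constructed sample password

// Salting: the same password no longer maps to the same stored value.
var_dump(threadHash($pw, 'alice') === threadHash($pw, 'bob'));
$stored = registerUser($pw);
var_dump($stored === registerUser($pw));
var_dump(login($pw, $stored)[0], login('wrong guess', $stored)[0]);

// Work factor: time a single guess under each scheme on this machine.
$t = microtime(true);
threadHash($pw, 'alice');
$fast = microtime(true) - $t;
$t = microtime(true);
password_verify($pw, $stored);
$slow = microtime(true) - $t;
printf("one SHA-512 guess: %.6fs, one password_verify guess: %.6fs\n", $fast, $slow);
```

Store the returned string as-is in MySQL; the PHP manual suggests a 255-character column because the hash length can grow when the default algorithm changes.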

  • 0

MD5 has been proven to be very insecure nowadays (Google 'rainbow tables'... also it doesn't take very long to crack).

SHA1 has also succumbed to the same fate.

Yep. The US government has said that government departments must phase out their usage.
