Results 1 to 5 of 5
January 6th, 2009, 12:10 PM #1Password Hashes
I assume it's a good idea to store user password as a hash using md5 or shal? If you have a site that allows users to register, do you store the password as a hash? If so, do you prefer md5 or shal?
January 6th, 2009, 12:17 PM #2
Yes, I store the password as a hash. I feel it helps people feel a bit more secure if I can say that the password is encrypted and got not be retrieved by anyone, not even me. Never mind I can set it to anything I want, and usually have full access to all their other personal information as well, they usually feel good about their password...
I prefer storing in SHA1 with a random salt assigned to each user. SHA1 is considered more secure than MD5, and while neither is considered unhackable random salts make things much more secure.Chris Sturgill
"All my life I've had one dream, to achieve my many goals." - H. Simpson
September 16th, 2009, 10:15 PM #3
- Join Date
- November 13th, 2008
checkout the "PHP portable hashing framework"... run that through google, it's great for hashing sensitive info.
September 16th, 2009, 11:46 PM #4I prefer storing in SHA1 with a random salt assigned to each user. SHA1 is considered more secure than MD5, and while neither is considered unhackable random salts make things much more secure.
September 29th, 2009, 10:53 PM #5
- Join Date
- January 17th, 2005
Interesting article on the Hash Algorithm Dilemma
The SHA-1 algorithm has been compromised on a theoretical level and attempts proving the theoretical compromise have not yet been successful.