Good encryption method - CodingForum

Good encryption method


  • Good encryption method

    I'm wondering what other/better encryption methods PHP has other than hash("sha256" and md5.

    Also what would a good way of salting a password be? I was thinking hash a username then add that to the password somehow but that's probably a stupid idea :P

  • #2
    Sha256 or 512 are your best bets nowadays. MD5 has long been exploited.
    That sounds like a good salting to me. Whether you hash it or not is really up to you; my dynamic salt is typically a 3 or 4 random char provided for each user.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 
    Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)



    • #3
      Ahh okay, thanks. Does double hashing make it better?

      E.g.
      PHP Code:
      $Password = $_POST['password'];

      $Password = hash("sha256", hash("sha512", $Password));
      Last edited by tomharto; Aug 19, 2011, 02:16 PM.



      • #4
        Single hash will do fine. Use hash_hmac(). I use a double-salting method. I store one salt with the hash in the database, and have a global hash in the config for the project. I then use hash_hmac('sha512', $value, $dbSalt.$configSalt)

        If you're incredibly paranoid, use http://www.lamped.co.uk/utility/saltGenerator.php - yes it's mine. Shameless self-promotion.

        I would stick with sha512 for the foreseeable future. Storage isn't really an issue in this modern fancy age of big hard disks.
        lamped.co.uk :: Design, Development & Hosting
        marcgray.co.uk :: Technical blog
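
The scheme described in post #4 (a per-user salt stored with the hash plus a project-wide salt from config, joined as the hash_hmac() key), as an added example that is not code from the thread, shown beside PHP's built-in password_hash()/password_verify(). CONFIG_SALT, the function names and the sample passwords are assumptions made for illustration; random_bytes() needs PHP 7 or later.

```php
<?php
declare(strict_types=1);

// Project-wide salt from post #4's "config"; constructed value for this example.
// It is kept outside the database, e.g. in a config file or the environment.
const CONFIG_SALT = 'constructed-example-config-salt';

/** Build the row to store: a random per-user salt and the HMAC-SHA512 digest. */
function makeRecord(string $password): array
{
    $dbSalt = bin2hex(random_bytes(16)); // per-user salt, stored next to the hash
    return [
        'salt' => $dbSalt,
        'hash' => hash_hmac('sha512', $password, $dbSalt . CONFIG_SALT),
    ];
}

/** Recompute the digest with the stored salt and compare in constant time. */
function checkRecord(string $password, array $record): bool
{
    $candidate = hash_hmac('sha512', $password, $record['salt'] . CONFIG_SALT);
    return hash_equals($record['hash'], $candidate);
}

// Two users with the same password (constructed input): the per-user salt
// means their stored hashes are compared here to show whether they match.
$alice = makeRecord('correct horse');
$bob   = makeRecord('correct horse');
var_dump($alice['hash'] === $bob['hash']);
var_dump(checkRecord('correct horse', $alice));
var_dump(checkRecord('wrong guess', $alice));

// Built-in alternative: password_hash() generates its own salt, uses a
// deliberately slow algorithm, and packs salt, cost and hash into one string.
$stored = password_hash('correct horse', PASSWORD_DEFAULT);
var_dump(password_verify('correct horse', $stored));
var_dump(password_verify('wrong guess', $stored));

// When the default algorithm or cost changes in a later PHP release, this
// reports that the stored string should be regenerated at the next login.
var_dump(password_needs_rehash($stored, PASSWORD_DEFAULT));
```

The HMAC variant computes one fast SHA-512 pass per guess, while password_hash() has a tunable cost, which is the property that slows offline guessing against a leaked table.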



        • #5
          Originally posted by tomharto
          Ahh okay, thanks. Does double hashing make it better?

          E.g.
          PHP Code:
          $Password = $_POST['password'];

          $Password = hash("sha256", hash("sha512", $Password));
          Double hashing won't make it better or worse and the only method to figure out the password remains cracking.
