As stated in the mysql manual:
So… what do you use/prefer? I mean, mainly for storing user passwords and managing user auth.
sha256? or what?
bye,
Giovanni.
I use sha1 combined with static and dynamic salt to store passwords in db. Both salts are 64 char long.
You can find more about salts here
Whirlpool. 512 bytes.
sha256 + salt
I’ve invented my own
(not for sharing… sorry).
I’m not sure if there’s any safer method than the unknown method.
sha256, sha384, sha512, ripemd160, ripemd320, whirlpool
Maybe sha256 is the best compromise between security and performance. I love whirlpool but it’s slower and it takes double the space (length is 256 vs 512).
Thanks to all for your replies… I think I’ll go for this one
Want to post a couple of links as a reference:
http://www.wobito.ca/php-encrypt-passwords-using-salt
http://www.php.net/manual/en/function.hash-algos.php
http://www.php.net/manual/en/function.hash.php
I’m not very convinced about using dynamic salt, because if a user is able to read your salt then they are probably able to read the code you used to get the dynamic salt…
bye,
Giovanni.
Well, if you combine this:
<?php
// Static salt shared by every account, and a per-user (dynamic) salt.
$staticKey = 'qFn9/ASjCowjMXd/Y+H8UUQ+ht6QYdL7wYbGRqg0SuY=';
$userPass = 'mickeymouse';
$dynamicPass = 'uWJgN9/5X8AXa5YAibXvqA==';
// Password wrapped between the two salts, then hashed.
$tmpPass = $staticKey.$userPass.$dynamicPass;
$finalPass = sha1($tmpPass);
?>
with a comment on php’s website:
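<?php
// Split the input in two and place a fixed salt between the halves.
function doubleSalt($toHash, $username) {
    // intdiv() keeps the chunk length an integer for odd-length input.
    $password = str_split($toHash, intdiv(strlen($toHash), 2) + 1);
    $hash = hash('md5', $username.$password[0].'centerSalt'.$password[1]);
    return $hash;
}
?>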
You’ll get something like this:
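<?php
$staticKey = 'qFn9/ASjCowjMXd/Y+H8UUQ+ht6QYdL7wYbGRqg0SuY=';
// PHP has no sha256() function; SHA-256 is reached through hash().
$userPass = hash('sha256', 'mickeymouse');
$dynamicPass = 'uWJgN9/5X8AXa5YAibXvqA==';
// Split the hex digest and put the dynamic salt between the halves.
$password = str_split($userPass, intdiv(strlen($userPass), 2) + 1);
$finalPass = hash('sha256', $staticKey.$password[0].$dynamicPass.$password[1]);
?>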
I like this way better myself.
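An added example, not part of any post in this thread: the static-plus-dynamic-salt scheme with a random salt generated per user and stored next to the hash, so that two accounts with the same password get different stored values even though the salt itself is readable. It swaps the single sha1()/SHA-256 call for PHP's hash_pbkdf2() over SHA-256 and compares with hash_equals(); the static key, iteration count and function names are assumptions made for the example.

```php
<?php
// Added example: per-user ("dynamic") salt plus a site-wide static key.
// All names and values here are constructed for illustration.

const STATIC_KEY = 'constructed-static-key-kept-outside-the-database';
const ITERATIONS = 100000; // assumed PBKDF2 work factor

// Derive the stored value from the password and that user's salt.
function derive(string $password, string $dynamicSalt): string
{
    // With the default length of 0, hash_pbkdf2() returns the full
    // SHA-256 output as lowercase hex.
    return hash_pbkdf2('sha256', $password, STATIC_KEY . $dynamicSalt, ITERATIONS);
}

// Build the record to store for a new password. The salt is random,
// unique to this record, and is not treated as a secret.
function makePasswordRecord(string $password): array
{
    $dynamicSalt = bin2hex(random_bytes(16));
    return [
        'salt' => $dynamicSalt,
        'hash' => derive($password, $dynamicSalt),
    ];
}

// Recompute with the stored salt and compare in constant time.
function verifyPassword(string $password, array $record): bool
{
    return hash_equals($record['hash'], derive($password, $record['salt']));
}

// Two accounts choosing the same password (constructed sample input).
$alice = makePasswordRecord('mickeymouse');
$bob   = makePasswordRecord('mickeymouse');

// Whether the two stored hashes collide despite the shared password.
var_dump($alice['hash'] === $bob['hash']);
// A correct and an incorrect login attempt against the first record.
var_dump(verifyPassword('mickeymouse', $alice));
var_dump(verifyPassword('minniemouse', $alice));
```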