How to hash password correctly in PHP?

(08-25-2017, 10:00 PM)Jakub Wrote:

[To see links please register here]

(08-25-2017, 09:53 PM)Sikom Wrote:

[To see links please register here]

(08-25-2017, 09:51 PM)Jakub Wrote:

[To see links please register here]

Im hashing passwords on my websites/scripts using double md5 + salt and i personally prefer this way.

md5 is not really secure though is it?

i'm working with it for 1 year now and for now it's okay. But i have my own "hash" function so if double md5 with salt fails i will switch to my hash function

What do you mean by your own "hash" function? I think MD5 is considered unsecure, and I don't think you should use it.

Im hashing passwords on my websites/scripts using double md5 + salt and i personally prefer this way.

I have my own algorythm, php script which is hashing passwords, texts etc. (i.e. it will change "a" to "#72gwvs&") i'm using that hashing for my own private website where i have all of my projects. Once a month i'm changing algorythm for safety

(08-25-2017, 10:19 PM)Jakub Wrote:

[To see links please register here]

I have my own algorythm, php script which is hashing passwords, texts etc. (i.e. it will change "a" to "#72gwvs&") i'm using that hashing for my own private website where i have all of my projects. Once a month i'm changing algorythm for safety

Do you even know anything about cryptology?

(08-25-2017, 10:00 PM)Jakub Wrote:

[To see links please register here]

(08-25-2017, 09:53 PM)Sikom Wrote:

[To see links please register here]

(08-25-2017, 09:51 PM)Jakub Wrote:

[To see links please register here]

Im hashing passwords on my websites/scripts using double md5 + salt and i personally prefer this way.

md5 is not really secure though is it?

i'm working with it for 1 year now and for now it's okay. But i have my own "hash" function so if double md5 with salt fails i will switch to my hash function

This beyond stupid.
MD5 was peer reviewed and looked over by tons of security experts, yet it was still broken.
Your own algorithm is probably not as advanced as MD5, and is a major security hole.

Use bcrypt or something ffs

PHP has a password_hash() function for a reason. Use it, the default algorithm is BCRYPT. @Sikom this goes to you aswell.

Never try to out think crackers man, never use your own algorithm, always use opensourced crypto.

(08-25-2017, 11:54 PM)Ender Wrote:

[To see links please register here]

PHP has a password_hash() function for a reason. Use it, the default algorithm is BCRYPT.

This ^^ Enough said.

It's key stretching algorithm speaks for Itself.

(08-25-2017, 11:54 PM)Ender Wrote:

[To see links please register here]

(08-25-2017, 10:00 PM)Jakub Wrote:

[To see links please register here]

(08-25-2017, 09:53 PM)Sikom Wrote:

[To see links please register here]

md5 is not really secure though is it?

i'm working with it for 1 year now and for now it's okay. But i have my own "hash" function so if double md5 with salt fails i will switch to my hash function

This beyond stupid.
MD5 was peer reviewed and looked over by tons of security experts, yet it was still broken.
Your own algorithm is probably not as advanced as MD5, and is a major security hole.

Use bcrypt or something ffs

Would agree with that being beyond stupid


Is this a good solution @'ender'?

Hidden Content

You must

[To see links please register here]

or

[To see links please register here]

to view this content.

(08-26-2017, 11:15 AM)Sikom Wrote:

[To see links please register here]

(08-25-2017, 11:54 PM)Ender Wrote:

[To see links please register here]

(08-25-2017, 10:00 PM)Jakub Wrote:

[To see links please register here]

i'm working with it for 1 year now and for now it's okay. But i have my own "hash" function so if double md5 with salt fails i will switch to my hash function

This beyond stupid.
MD5 was peer reviewed and looked over by tons of security experts, yet it was still broken.
Your own algorithm is probably not as advanced as MD5, and is a major security hole.

Use bcrypt or something ffs

Would agree with that being beyond stupid


Is this a good solution @'ender'?

Hidden Content

You must

[To see links please register here]

or

[To see links please register here]

to view this content.

This is not a good solution.
Use BCRYPT man

(08-26-2017, 12:48 PM)Pikami Wrote:

[To see links please register here]

(08-26-2017, 11:15 AM)Sikom Wrote:

[To see links please register here]

(08-25-2017, 11:54 PM)Ender Wrote:

[To see links please register here]

This beyond stupid.
MD5 was peer reviewed and looked over by tons of security experts, yet it was still broken.
Your own algorithm is probably not as advanced as MD5, and is a major security hole.

Use bcrypt or something ffs

Would agree with that being beyond stupid


Is this a good solution @'ender'?

Hidden Content

You must

[To see links please register here]

or

[To see links please register here]

to view this content.

This is not a good solution.
Use BCRYPT man

Why is that not a good solution?