PHPDevil Posted December 19, 2012

For obvious reasons, I've moved away from MD5. I just had some questions.

What I am using now is:

    $hash = hash('ripemd160', $pass1);

As far as I'm concerned, there hasn't been an issue with ripemd160....I hope!

I was wondering, I wanted to add a salt for a better peace of mind....looked at the manual for the PHP hash function but it doesn't show how I can implement it in the parameters.

So my question is how would I achieve this, and what is the use of MD5 nowadays?

Dayo Posted December 19, 2012

If you want to have a different salt for each user you could use something like the below:

    $hash = hash('ripemd160', $ir['salt'].$pass1);

If you don't want to have a new field you can use the id, username, email or any other user field that doesn't change from registering.

Or you can use the same salt for everyone and use something like:

    $salt = 'tv7f59r6ti';
    $hash = hash('ripemd160', $salt.$pass1);

PHPDevil Posted December 19, 2012

Thanks for that Dayo! Probably do something like this:

    $salt = 'tv7f59r6ti';
    $salt2 = 'dfsdsfsda';
    $hash = hash('ripemd160', $salt.$pass1.$salt2);

Dayo Posted December 19, 2012

Yea, you can place the hash anywhere really, even something like this, putting the salt in the middle of the password:

    // split the password at its midpoint and put the salt between the two halves
    $passlen = (int) floor(strlen($passtosalt) / 2);
    $hashthis = substr($passtosalt, 0, $passlen).$salt.substr($passtosalt, $passlen);

Not tested.

HauntedDawg Posted December 20, 2012

Before you go ahead, I'd like to point you to a proper article regarding password hashing, the wrongs, goods & bads. http://crackstation.net/hashing-security.htm

And, to give some quotes to those lazy ones:

> There are a lot of conflicting ideas and misconceptions on how to do password hashing properly, probably due to the abundance of misinformation on the web. Password hashing is one of those things that's so simple, but yet so many people get wrong. With this page, I hope to explain not only the correct way to do it, but why it should be done that way.

> The most common salt implementation errors are reusing the same salt in multiple hashes, or using a salt that is too short

Which is the case here, where you will be re-using the salt.

Now, because you are using ripeMD-160, a hashing algorithm that's very quick to generate, you could run through 1 million hashes very quickly, thus it is better to implement a hashing algorithm that takes some time to create. You can take "bcrypt" for example, or "PBKDF2". You can find a PHP implementation of PBKDF2 here

And I would suggest going to PHPASS, as it implements blowfish cryptography.

What I'd like to point out though, is that ripemd160 has got a lookup table floating around already.

    ripeMD160    1,493,677,782    16 GB

That's 16GB of ripeMD-160 hashes.
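
An added example, not part of any post in this thread: it contrasts the shared-salt RIPEMD-160 hash from the posts above with PBKDF2 using a random per-user salt and with bcrypt through PHP's built-in `password_hash()`, the two directions suggested in the last reply. The stored-record format, the 100000 iteration count, the bcrypt cost of 12 and the sample passwords are assumptions chosen for illustration; it needs PHP 7 or later for `random_bytes()`.

```php
<?php
// Added example; record format, iteration count, cost and passwords are assumptions.

// The thread's scheme: one salt shared by every user, one fast RIPEMD-160 pass.
function fixed_salt_hash(string $password): string {
    return hash('ripemd160', 'tv7f59r6ti' . $password); // salt value from the thread
}

// PBKDF2 with a fresh random salt per user. Salt and iteration count are stored
// next to the derived key so verification can repeat the same derivation.
function pbkdf2_create(string $password, int $iterations = 100000): string {
    $salt = random_bytes(16);
    $key  = hash_pbkdf2('sha256', $password, $salt, $iterations, 32, true);
    return implode('$', ['pbkdf2-sha256', $iterations, base64_encode($salt), base64_encode($key)]);
}

function pbkdf2_verify(string $password, string $stored): bool {
    $parts = explode('$', $stored);
    if (count($parts) !== 4 || $parts[0] !== 'pbkdf2-sha256'
        || !ctype_digit($parts[1]) || (int) $parts[1] < 1) {
        return false; // malformed record
    }
    $salt = base64_decode($parts[2], true);
    $key  = base64_decode($parts[3], true);
    if ($salt === false || $key === false || $key === '') {
        return false;
    }
    $check = hash_pbkdf2('sha256', $password, $salt, (int) $parts[1], strlen($key), true);
    return hash_equals($key, $check); // constant-time comparison
}

// Two users who picked the same (constructed) password.
$alice = $bob = 'correct horse battery';

// Shared salt: both rows hold the same hash, and one precomputed table covers all users.
var_dump(fixed_salt_hash($alice) === fixed_salt_hash($bob));

// Per-user salt: the stored records differ, yet each still verifies.
$recA = pbkdf2_create($alice);
$recB = pbkdf2_create($bob);
var_dump($recA === $recB);
var_dump(pbkdf2_verify('correct horse battery', $recA));
var_dump(pbkdf2_verify('wrong guess', $recA));

// bcrypt through the built-in API: salt and cost are generated and encoded in the output.
$bc = password_hash($alice, PASSWORD_BCRYPT, ['cost' => 12]);
var_dump(password_verify('correct horse battery', $bc));
```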