I am creating a custom CMS and have built a login system, and was wondering how vulnerable hashing the passwords this way would be compared to just using the md5 PHP function like this:
<?php
// one MD5 digest over salt . password . pepper
$token = md5($salt . $password . $pepper);
?>
Most people just add a salt, but adding pepper just makes sense if you're going to add salt 🙂
Here is how I am doing it:
<?php
// SHA-512 HMAC over salt . password . pepper, keyed with the per-user $key
$token = hash_hmac('sha512', $salt . $password . $pepper, $key);
?>
The $key would be a value in the database that is unique to each user.
The $salt and the $pepper are randomly generated strings.
The $password is the password of course.
Added on 07/24/09
Thanks for all your responses. Does anyone have examples of how they do a hash script for creating passwords to store in a database?
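As an added example (not code from the question or from any of the answers), here is how a password-storage and login-check script looks when it uses PHP's built-in password_hash()/password_verify() (available since PHP 5.5) with bcrypt, which is what the "rainbow tables" article linked below argues for. Neither the md5() nor the hash_hmac() construction in the question adds work for an attacker who has the database: both are fast, and the per-user $key stored next to the hash is available to anyone who has the hash. A slow, salted algorithm with a tunable cost is what changes that. The function names createPasswordRecord(), checkPassword() and the constant BCRYPT_COST are assumptions made for this example.

```php
<?php
// Added example, not from the original question: store and verify passwords
// with PHP's built-in password_hash()/password_verify() (PHP >= 5.5).
// Assumed names: createPasswordRecord(), checkPassword(), BCRYPT_COST.

declare(strict_types=1);

const BCRYPT_COST = 12; // tune so that one hash takes roughly 100 ms on your server

// Returns the string to store in the users table. password_hash() generates a
// random salt itself and embeds it, the algorithm id and the cost in the output
// ("$2y$12$..."), so the table needs no separate salt or key column.
function createPasswordRecord(string $password): string
{
    $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
    if ($hash === false) { // PHP 7.x returns false on failure; PHP 8 throws instead
        throw new RuntimeException('password_hash() failed');
    }
    return $hash;
}

// Verifies a login attempt against the stored record. password_verify() parses
// the salt and cost out of the record and compares in constant time.
// Returns [bool $ok, ?string $rehashed]: when the stored record was made with an
// older cost (or algorithm), a fresh record is returned so the caller can update
// the row and existing users migrate transparently as the cost is raised.
function checkPassword(string $password, string $storedRecord): array
{
    if (!password_verify($password, $storedRecord)) {
        return [false, null];
    }
    $rehashed = null;
    if (password_needs_rehash($storedRecord, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST])) {
        $rehashed = createPasswordRecord($password);
    }
    return [true, $rehashed];
}

// Demo with a constructed password (not real credentials).
$record = createPasswordRecord('correct horse battery staple');
echo $record, PHP_EOL;                                          // "$2y$12$..." (60 chars)

[$ok, $rehash] = checkPassword('correct horse battery staple', $record);
var_dump($ok);                                                  // bool(true)

[$ok, $rehash] = checkPassword('wrong password', $record);
var_dump($ok);                                                  // bool(false)
```

Two caveats a practitioner should know before using this: bcrypt only looks at the first 72 bytes of the password, so either enforce a length limit at registration or pre-hash longer inputs consistently; and if you still want a site-wide pepper, it belongs in a config file or key store outside the database, because a secret that sits in the same table as the hashes protects nothing once that table leaks.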
Similar to: https://stackoverflow.com/questions/1111494
Make sure you read this:
http://www.matasano.com/log/958/enough-with-the-rainbow-tables-what-you-need-to-know-about-secure-password-schemes/
And this:
bcrypt is obsolete