I am working on a script and need to save passwords. For development purposes, I have been using the crypt() function because it was easy and available. Now that I am mostly done, I want to replace it with something a little better and more consistent.
Some of the concerns I have are:
- not all algorithms are supported on every system
- sometimes the salt is pre-pended to the result (seems like a security problem)
I want something that works with PHP 4.3+.
Is there anything available, or should I stick with crypt()? I thought about using md5(md5($password).$salt). Thanks for the insight.
There is nothing wrong with crypt. If your server does not support it, use another server.
You should NEVER use MD5 for hashing passwords (or even SHA1 for that matter).
Use either bcrypt (the blowfish method of crypt) or pbkdf2.
There is an implementation of pbkdf2 here:
Encrypting Passwords with PHP for Storage Using the RSA PBKDF2 Standard
More information on why and how here:
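An added example, not code from any of the posts above: bcrypt through crypt(), as the second answer recommends, covering the question's two concerns (whether the algorithm is available, and the salt being stored in front of the result). It assumes PHP 7 or later for random_bytes() and hash_equals(), which is newer than the PHP 4.3 the question asks for; the function names bcrypt_hash and bcrypt_verify are hypothetical.

```php
<?php
// Added example. Assumes PHP 7+ (random_bytes, hash_equals); function names are hypothetical.

function bcrypt_hash($password, $cost = 10)
{
    // Concern 1 from the question: fail loudly if this build of crypt() lacks Blowfish.
    if (!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH !== 1) {
        throw new RuntimeException('crypt() on this system has no bcrypt support');
    }
    if ($cost < 4 || $cost > 31) {
        throw new InvalidArgumentException('bcrypt cost must be between 4 and 31');
    }
    // bcrypt takes 22 salt characters from the alphabet ./A-Za-z0-9.
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    $hash = crypt($password, sprintf('$2y$%02d$%s', $cost, $salt));
    // On failure crypt() returns a short token such as "*0", never a 60-character hash.
    if (!is_string($hash) || strlen($hash) !== 60) {
        throw new RuntimeException('crypt() did not return a bcrypt hash');
    }
    return $hash;
}

function bcrypt_verify($password, $stored)
{
    // Concern 2: the stored value is "$2y$<cost>$<22-char salt><31-char digest>".
    // The salt is not a secret; it sits in front of the digest so that passing the
    // stored string back as the setting makes crypt() reuse the same cost and salt.
    $candidate = crypt($password, $stored);
    // Compare in constant time so the check does not leak how many bytes matched.
    return is_string($candidate) && strlen($candidate) === 60
        && hash_equals($stored, $candidate);
}

// Constructed sample input.
$stored = bcrypt_hash('correct horse battery staple');
echo $stored, "\n";
echo 'salt part: ', substr($stored, 7, 22), "\n";
var_dump(bcrypt_verify('correct horse battery staple', $stored));
var_dump(bcrypt_verify('wrong guess', $stored));
```

Only the single string returned by bcrypt_hash needs to be stored per user; no separate salt column is required.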