Home/ Questions/Q 8446737
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-10T10:00:03+00:00

I have a website which uses SHA1 hashing for passwords. I recently read the

  • 0

I have a website which uses SHA1 hashing for passwords. I recently read the following article which argued not to use SHA1 for passwords since SHA1 was never designed to protect passwords: http://arstechnica.com/security/2012/08/passwords-under-assault/4/

Can you please recommend a good hasing method I can implement instead of SHA1 and please provide a link to a tutorial which describes step-by-step how to implement that encryption method using php?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    First of all, SHA1 ain’t an encryption algorithm, it is a hashing algorithm.

    For password hashing, I advise the use of PHPass. It basically uses the best possible hashing algorithm available on the system your code is installed upon.

    The preferred (most secure) hashing method supported by phpass is the
    OpenBSD-style Blowfish-based bcrypt, also supported with our public
    domain crypt_blowfish package (for C applications), and known in PHP
    as CRYPT_BLOWFISH, with a fallback to BSDI-style extended DES-based
    hashes, known in PHP as CRYPT_EXT_DES, and a last resort fallback to
    MD5-based salted and variable iteration count password hashes
    implemented in phpass itself (also referred to as portable hashes).

    • 0