I initially used MD5 when I first started out coding to hash user passwords.
$password1 = md5($password);
After reading countless pages with different opinions, what shall I be using? crypt, SHA1, SHA256… Here is an example of how I revised the code by using SHA1 and static salting.
$salt = '324912343223942833294328432392';
$passwordarray = str_split($password,2);
$password1 = sha1($passwordarray[0].$salt.$passwordarray[1]);
//insert $password1 into database
When logging in and checking the password:
$salt = '324912343223942833294328432392';
// hash the submitted password exactly as at registration
// (note: str_split on a one-character password leaves no [1] element)
$passwordarray = str_split($password, 2);
$password1 = sha1($passwordarray[0] . $salt . $passwordarray[1]);
// $dbpassword holds the hash stored at registration; it is compared directly,
// not hashed a second time
if ($username == $dbusername && $password1 == $dbpassword)
{
    // login succeeded
}
What shall I do to improve/change this code and make it more secure? Can I have an example? Shall I do dynamic salting and add a unique salt to each user in the database?
You should use bcrypt.
The problem with MD5, SHA-1, etc. is that they were designed to be fast to compute. This makes brute-force and dictionary attacks easy because you can test millions of passwords per second.
Bcrypt solves this by being deliberately slow. It has a work factor that can be adjusted so that as hardware improves you can make the calculation more difficult.
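The following is an added example, not code from the question or the answer above, showing what the bcrypt recommendation looks like in PHP and how it also settles the per-user salt question from the original post. It uses PHP's built-in `password_hash()`, `password_verify()` and `password_needs_rehash()` with the `PASSWORD_BCRYPT` algorithm; the `$users` array standing in for the database table, the user name, the passwords, the cost of 12 and the 250 ms latency budget are all constructed for the example.

```php
<?php
// Added example: bcrypt password storage with PHP's password_* functions.
// $users stands in for the database table (constructed sample data).

const BCRYPT_COST = 12; // work factor: each +1 roughly doubles the hashing time

// Registration. password_hash() draws a fresh random salt for every call and
// embeds it in the returned string ("$2y$<cost>$<22-char salt><31-char hash>"),
// so each user gets a unique salt without a separate column or a static value.
function registerUser(array &$users, string $username, string $password): void
{
    $users[$username] = password_hash($password, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
}

// Login. password_verify() reads the cost and salt back out of the stored
// string, hashes the submitted password with them and compares in constant
// time. Only the submitted password is hashed; the stored hash is never re-hashed.
function loginUser(array &$users, string $username, string $password): bool
{
    static $dummyHash = null;
    if ($dummyHash === null) {
        // Used when the user does not exist, so a missing account costs the same
        // time as a wrong password (no username enumeration via response time).
        $dummyHash = password_hash('dummy', PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
    }

    if (!isset($users[$username])) {
        password_verify($password, $dummyHash);
        return false;
    }
    if (!password_verify($password, $users[$username])) {
        return false;
    }
    // If BCRYPT_COST was raised after this hash was created, upgrade it now
    // while the plaintext is available. This is how the adjustable work factor
    // keeps pace with faster hardware.
    if (password_needs_rehash($users[$username], PASSWORD_BCRYPT, ['cost' => BCRYPT_COST])) {
        $users[$username] = password_hash($password, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
    }
    return true;
}

// Choosing the work factor: time one hash and keep raising the cost until it
// exceeds the latency budget, then return the largest cost that stayed under it.
function pickBcryptCost(float $targetSeconds = 0.25): int
{
    $cost = 10;
    do {
        $cost++;
        $start = microtime(true);
        password_hash('benchmark', PASSWORD_BCRYPT, ['cost' => $cost]);
    } while (microtime(true) - $start < $targetSeconds && $cost < 31);
    return $cost - 1;
}

// Demonstration with constructed data.
$users = [];
registerUser($users, 'alice', 'correct horse battery staple');
var_dump(loginUser($users, 'alice', 'correct horse battery staple'));
var_dump(loginUser($users, 'alice', 'wrong password'));
var_dump(loginUser($users, 'nobody', 'anything'));
// The stored value is self-describing: the "$2y$12$" prefix records algorithm
// and cost, and the 22 characters after it are that user's own salt.
echo $users['alice'], PHP_EOL;
echo 'suggested cost for this machine: ', pickBcryptCost(), PHP_EOL;
```

Run it with `php bcrypt_example.php`. Two caveats worth knowing: bcrypt only looks at the first 72 bytes of the password, so anything beyond that is silently ignored, and stored hashes should always be checked with `password_verify()` rather than compared with `==`, which both leaks timing and performs PHP's loose comparison.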