I’m bringing this up after spending a few hours trawling through a number of

Question

0

Asked: May 23, 20262026-05-23T07:56:04+00:00 2026-05-23T07:56:04+00:00

I’m bringing this up after spending a few hours trawling through a number of

0

I’m bringing this up after spending a few hours trawling through a number of posts on SO with regards to the most secure way to handle passwords in PHP/MySQL. Most answers seem to be fairly out of date, as are links that people are directed to. Many recommend md5 and sha-1.

We all know that MD5 and SHA-1 are no longer worth using due to the fact that they have been reversed, and also because there are a number of databases out there that have built up millions of md5/sha1 strings. Now, obviously you get around this with salt, which I intend to do.

I have however recently started playing around with whirlpool, which seems much more secure, and up to date. Would I be right in thinking whirlpool+salt is ample protection for passwords?

I was actually considering something like this:

<?php
    $static_salt = 'some_static_salt_string_hard_coded';
    $password = 'some_password_here';
    $salt = 'unique_salt_generated_here';

    $encoded = hash('whirlpool', $static_salt.$password.$salt);
?>

What do you think? Overkill or sensible?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-23T07:56:05+00:00

Editorial Team

2026-05-23T07:56:05+00:00Added an answer on May 23, 2026 at 7:56 am

This will be enough (however, there is no sense in static hardcoded salt). And, why not to use SHA256? Whirlpool is rarely used.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’m bringing this up after spending a few hours trawling through a number of

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply