Home/ Questions/Q 7832045
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-02T12:00:51+00:00

I’m in the process of developing a CMS system which will run my clients

  • 0

I’m in the process of developing a CMS system which will run my clients sites, but I’ve come to a situation I tried to avoid.
The hash() function requires PHP >= 5.1.2, and I obviously can’t assume that all clients run this, since I won’t handle everyones hosting.

Hence, I’m choosing between:

  1. Sticking with SHA1 only – less security
  2. Using SHA512 when available, otherwise SHA1 – bad compability when
    it’s time for server upgrades
  3. Using SHA512 only – forcing the client to upgrade ASAP (bad – not
    always they can)

I’m appreciating all input!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The hash() function requires PHP >= 5.1.2, and I obviously can’t assume that all clients run this, since I won’t handle everyones hosting.

    Really?!

    • PHP 5.2 is out since Nov 2006
    • PHP 5.3 is out since June 2009
    • PHP 5.4 is out for some weeks now

    Running PHP < 5.1.2 means, that it is at least (!) 6 years old and thus a security issue by itself. The question which hash algorithm is more or less secure is not important anymore.

    Regarding the question: sha1() (with salt) works fine for most use-cases, unless you write software for the CIA or such. The point is, that even salted md5()-hash isn’t worth to get cracked on most sites.

    Using SHA512 only – forcing the client to upgrade ASAP (bad – not always they can)

    When they deny to update a 6 years old software, they are doomed anyway…

    • 0