Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Possible Duplicate:
Secure hash and salt for PHP passwords
I saw someone coding a password hash like this,
md5(uniqid(mt_rand('password', 15), true));
is that a secured way to do this? is that even worked out?
Not only is that not secure, it doesn’t even work.
mt_randtakes 2 parameters, a min value and a max value.This converts
'password'to an int (0), then returns a random number between0and15.This then generates a unique ID, and prepends the random number from the previous step to it: calculating something like this:
That string is then md5’d.
As you may be able to see, this code is 100% useless. The original password is converted to
0and lost forever, so all you’re doing is hashing random numbers, which is pointless. Now that you have your hash, there is no way to verify it again. Since the password is converted, whatever the user enters doesn’t matter.So, no, this code is not secure, do not use it.
Personally, I use the phpass library. It’s secure, and simple to use.