Possible Duplicate: Secure hash and salt for PHP passwords I use the following code

Question

0

Editorial Team

Asked: June 8, 20262026-06-08T17:56:13+00:00 2026-06-08T17:56:13+00:00

Possible Duplicate: Secure hash and salt for PHP passwords I use the following code

0

Possible Duplicate:
Secure hash and salt for PHP passwords

I use the following code to hash and store passwords:

$salt=uniqid(mt_rand(), false);
hash('sha512',$pass+$salt);

Is it secure in our time? If no, what solution is better?
Is crypt() good for this purpose or it’s too old?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-08T17:56:15+00:00

To make your hashing harder to brute-force, increase the computation time. sha512 is a cryptographic hashing function and it is optimized for speed. You’re only hashing a password once when authenticating a user so don’t be afraid to take your time.

Since an attacker will be computing millions of hashes, why not make your hash function take 0.1s per hash? You won’t notice any significant speed degradation, but any brute-force attacks will be indefeasible.

That being said, instead of going out and writing your own hash function to do this:

hash = sha512(password)

for i in range(10000):
  hash = sha512(hash) + salt

return hash

Use tested solutions like phpass, which uses bcrypt.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Possible Duplicate: Secure hash and salt for PHP passwords I use the following code

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply