So far I have been using md5 to hash passwords on my site, no

Question

0

Asked: June 4, 20262026-06-04T17:52:16+00:00 2026-06-04T17:52:16+00:00

So far I have been using md5 to hash passwords on my site, no

0

So far I have been using md5 to hash passwords on my site, no salt.

Now I am building an application that will have to be more secure and I’m reading md5 can be easily brute-force attacked.

So I want to use crypt() to hash the passwords.

What I have not fully understood is:

Do I have to provide a salt or is the built-in generated one ok?
How many times (if more than one) should I iterate the crypt function to be safe?
With md5, no matter the length of the input string, the hash was 32-digit. Does crypt return a standard length of hashes too?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-04T17:52:19+00:00

Editorial Team

2026-06-04T17:52:19+00:00Added an answer on June 4, 2026 at 5:52 pm

You need to provide a salt, if you want to specify encryption other than DES. Otherwise, you’re good with the default salt.

You don’t iterate the crypt function yourself, this is done internally with algorithms where it makes sense. Number of iterations is specified via the salt.

Yes, the hash length of a given hash algorithm is standard; different hash algorithms have different hash lengths, however.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

So far I have been using md5 to hash passwords on my site, no

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply