PHP security: sha1 or hash
Posted: Sat Oct 09, 2010 1:56 pm
Hi,
After knowing that hashing a password is my choice for making a login form. Now I am facing another issue - sha1 or hash?
This is a standard method using salt I think I got it from a reference book of mine,
but then after I have done some research on sha1, it was told it may not be so secure in the future, suggesting using hash().
But I don't quite understand using hash() - for instance -
what is that 'sha256' or 'sha512' which I found it here?
http://hungred.com/useful-information/p ... -password/
can I put anything instead, like '@123'?
why is it called salt anyway - $salt = time(); is nothing else but just a unix timestamp isn't??
thanks!
After knowing that hashing a password is my choice for making a login form. Now I am facing another issue - sha1 or hash?
This is a standard method using salt I think I got it from a reference book of mine,
Code: Select all
# create a salt using the current timestamp
$salt = time();
# encrypt the password and salt with SHA1
$usr_password = sha1($usr_password.$salt);But I don't quite understand using hash() - for instance -
Code: Select all
$usr_password = hash('sha256', $usr_password); http://hungred.com/useful-information/p ... -password/
can I put anything instead, like '@123'?
why is it called salt anyway - $salt = time(); is nothing else but just a unix timestamp isn't??
thanks!
