PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
Check out the javascript md5 class, it doens't make the password more secure per se, but it does do the md5 hashing on the client side, so that it is transmitted hashed instead of in plain text.
Pyrite wrote:Check out the javascript md5 class, it doens't make the password more secure per se, but it does do the md5 hashing on the client side, so that it is transmitted hashed instead of in plain text.
You can't rely on that however.... ok so it sends hash data not the actual PW, but if they have JS disabled you'll get an unhashed PW, and your server-side PW verificatioins will be inconsistent. I'd stick with doing it on the server.
Just do it once though.... It wont be "more secure" just because you hash it twice.
Actually not, if JS is disabled it doesn't send the password. And instead, prints a message to the screen saying to enable javascript to use secure login.
Why not just md5().... do you know how to crack on md5() hash or something? Even if you could unhash it so to speak it wouldn't be too hard too break it down.
Combining multiple hashes through concatenation of hash-of-a-hash techniques may result in a "greater" probability of a collision when you're hoping for "lesser" probability of one.
got it pimp...how about the others?how do you guys secure passwords for example in a login system...do you guys make it very complicated for the sake of very high security??
MD5 is a 128 bit hash, which I believe breaks down into 64 bits of signature, and 64 bits of security.
SHA256 is a 256 bit hash. It breaks down into 128 bits of signature, and 128 bits of security. It's quite a bit more secure than MD5, but does take longer to process, especially because it's not built into the underlying code of the php engine.