MD5 Hashing

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
ScottCFR
Forum Commoner
Posts: 33
Joined: Sat Jun 19, 2010 7:36 pm

MD5 Hashing

Post by ScottCFR »

I am trying to work with the MD5 feature. But, I am kinda confused as to where to put it. I have the fields pass and pass2. Pass 2 is to be sure that it's the same as pass 1. I don't know where I will hash it, like before the query?
shawngoldw
Forum Contributor
Posts: 212
Joined: Mon Apr 05, 2010 3:38 pm

Re: MD5 Hashing

Post by shawngoldw »

It shouldn't matter where you hash them as long as you hash both of them at the same time.

Shawn
User avatar
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: MD5 Hashing

Post by social_experiment »

Hash it before the query and write the hashed value to the database, use sha() instead of md5 though.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
ScottCFR
Forum Commoner
Posts: 33
Joined: Sat Jun 19, 2010 7:36 pm

Re: MD5 Hashing

Post by ScottCFR »

So i would use..

$pass1 = sha(pass)
tonchily
Forum Commoner
Posts: 54
Joined: Thu Sep 02, 2010 10:44 am

Re: MD5 Hashing

Post by tonchily »

ScottCFR wrote:So i would use..

$pass1 = sha(pass)
$pass1 = sha($pass1);
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Re: MD5 Hashing

Post by pickle »

The whole point of hashing is so that you can store the password without knowing what it is. This will enable you to compare the password in the future, without having to store it.

I imagine the form you're talking about is a signup/registration form. For comparing your 1st & 2nd password fields, don't bother hashing them - you just want to make sure the value is the same.

You need to hash the password before you store it anywhere, such as the database. The database should then store the hashed value. In the future, when users try to login, you hash the password they type in, and put the hashed value in the query.

As far as which hashing algorithm to choose, sha() and md5() are both relatively insecure (relative to other hashing algorithms). If you have the appropriate version, I'd recommend using the hash() function for sha256 or sha512.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Post Reply