Last Post by diafol
0

Just a quick question related to OP.

Using sha512 + salt to encrypt the password, and the salt should be stored in the other table...

Is this a good way to store passwords for login?

0

There is a more secure way.
hash("haval256,5",$password)
I think this is one of the hash algorithms, if not the best.

0

Your db is used to store the hashed pw. Any problem with that?

If somebody does break into your db - then the passwords will be useless to them as they are hashed.
Even if they manage to get your php function for creating the hash as well, it would still be a mammoth task to get the original password. Mind you, if a malicious user could get into your db and into your php code, you're cooked anyway. Just that you may potentially, albeit inadvertently, have given away users' passwords - and as many of us use the same ones for many different things - their email accounts etc. may be under threat, which means all those juicy messages congratulating them on joining this and that, along with passwords and so on, will now be available too.

So ensure that your hashing technique is robust.
Do you pre-salt and post-salt with sufficient whacky character combinations?
Is your hash method (e.g. sha/haval/whirlpool etc) ridiculously unlikely to hit collisions?
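
The per-user salted SHA-512 scheme discussed in this thread, next to PHP's built-in password_hash() / password_verify(), as an added example that is not code from any poster. The function names and the sample password are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

// The scheme discussed in the thread: SHA-512 over a per-user random salt plus the password.
function make_salted_sha512(string $password): array
{
    $salt = bin2hex(random_bytes(16)); // unique, unpredictable salt for each user
    return ['salt' => $salt, 'hash' => hash('sha512', $salt . $password)];
}

function check_salted_sha512(string $password, string $salt, string $storedHash): bool
{
    // hash_equals() compares in constant time, so response timing does not
    // reveal how many leading characters of the hash matched.
    return hash_equals($storedHash, hash('sha512', $salt . $password));
}

// PHP's built-in API: it generates the salt itself, uses a deliberately slow
// algorithm, and stores algorithm, cost and salt inside the returned string,
// so a single column holds everything needed to verify a login.
function make_password_hash(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

function check_password_hash(string $password, string $stored): bool
{
    return password_verify($password, $stored);
}

// Constructed sample data.
$pw = 'correct horse battery staple';

// Same password hashed twice: the salts differ, so the stored hashes differ,
// and a precomputed table built for one user is useless against another.
$a = make_salted_sha512($pw);
$b = make_salted_sha512($pw);
var_dump($a['hash'] !== $b['hash']);
var_dump(check_salted_sha512($pw, $a['salt'], $a['hash']));
var_dump(check_salted_sha512('wrong guess', $a['salt'], $a['hash']));

$stored = make_password_hash($pw);
var_dump(check_password_hash($pw, $stored));
var_dump(check_password_hash('wrong guess', $stored));
// Reports whether the stored hash should be regenerated at next login
// because PHP's default algorithm or cost has changed since it was created.
var_dump(password_needs_rehash($stored, PASSWORD_DEFAULT));
```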
