How do you encrypt passwords?
- Thread starter Luke
- Start date
Re: How do you store passwords?
What is your opinion on passwords encrypted with MD5 that have also been salted? That's what I've used in the past. MD5 is pretty weak, especially if you have a weak password encrypted with it, but I think a salt greatly increases the difficulty of cracking it.
What is your opinion on passwords encrypted with MD5 that have also been salted? That's what I've used in the past. MD5 is pretty weak, especially if you have a weak password encrypted with it, but I think a salt greatly increases the difficulty of cracking it.
D
Deleted member 25872
Re: How do you store passwords?
I store passwords in my head! 🙂
I store passwords in my head! 🙂
Re: How do you store passwords?
Base64... lelleleljkjk
This is how I currently do it in my authentication class.
Password:
md5 the password
SHA-512 the md5
Username:
md5 the username
SHA-512 the md5
Then finally salt the password string with the username string. md5 then SHA-512 the result.
Tada.
Base64... lelleleljkjk
This is how I currently do it in my authentication class.
Password:
md5 the password
SHA-512 the md5
Username:
md5 the username
SHA-512 the md5
Then finally salt the password string with the username string. md5 then SHA-512 the result.
Tada.
Re: How do you store passwords?
I typically use a PHP implementation of PBKDF2.
PBKDF2 stands for Password Based Key Derivation Function 2. It's kind of like using double-SHA, except it iterates a few thousand times instead of 2 times. It can use any of the SHA algorithms, ranging from good ol' sha1 to sha256. It also uses a salt, etc.
Newly developed apps should probably use either PBKDF2 or Blowfish. I use PBKDF2, as it's a bit easier to implement, and also because it's endorsed by the National Institute of Standards.
I typically use a PHP implementation of PBKDF2.
PBKDF2 stands for Password Based Key Derivation Function 2. It's kind of like using double-SHA, except it iterates a few thousand times instead of 2 times. It can use any of the SHA algorithms, ranging from good ol' sha1 to sha256. It also uses a salt, etc.
Newly developed apps should probably use either PBKDF2 or Blowfish. I use PBKDF2, as it's a bit easier to implement, and also because it's endorsed by the National Institute of Standards.
lionel.web
Reputable
Re: How do you store passwords?
I think md5 with a hard to find salt is enough.
There is no way someone to find it..
I think md5 with a hard to find salt is enough.
There is no way someone to find it..
Re: How do you store passwords?
MD5 certainly isn't secure enough for passwords in my opinion. Just take a look at this CodingHorror article about hash cracking times; in particular, the fact that a nine character MD5 password could be cracked in 10 days with a high-end home PC.
bcrypt would definitely be the weapon of choice for me, or perhaps even scrypt (which is more resistant to GPU attacks), plus a decent salt. PHPass is a good PHP library for a web application storing passwords.
MD5 certainly isn't secure enough for passwords in my opinion. Just take a look at this CodingHorror article about hash cracking times; in particular, the fact that a nine character MD5 password could be cracked in 10 days with a high-end home PC.
bcrypt would definitely be the weapon of choice for me, or perhaps even scrypt (which is more resistant to GPU attacks), plus a decent salt. PHPass is a good PHP library for a web application storing passwords.
lionel.web
Reputable
Re: How do you store passwords?
if use md5 with salt, and md5 again the md5 password with a new salt, will be still easy to be hacked?
if use md5 with salt, and md5 again the md5 password with a new salt, will be still easy to be hacked?
jacktheking
Paragon
Re: How do you store passwords?
http://lmgtfy.com/?q=MD5+Database
Personally I use a very strong and secure algorithm. Recommended by PHP.. PHP Password API. Of course, I did not stop there.. I came out with another algorithm that encrypt the password even better. I'm not going to share with you guys.. 🙂
lionel.web said:
http://lmgtfy.com/?q=MD5+Database
Personally I use a very strong and secure algorithm. Recommended by PHP.. PHP Password API. Of course, I did not stop there.. I came out with another algorithm that encrypt the password even better. I'm not going to share with you guys.. 🙂
Re: How do you store passwords?
Security through obscurity is generally not a good way to go. If an algorithm is truly secure, then you should be able to release the details of the algorithm without any concern.jacktheking said:
Abdul Raheem
Acquaintance
Re: How do you store passwords?
i store passwords in php language encripted form md5 function.
i store passwords in php language encripted form md5 function.
Affiliates
