0

The script is supposed to encrypt a password so that it is much harder to use rainbow tables on it and therefore people cannot hack the server so easily, but I can't seem to get it to work, so I hope one of you can help me.

```php
<?php

function enc($string){
    $salt = "randomsalt";
    $hash = sha1(md5($salt.$string)) . $md5($string) . sha1(md5(md5($string)));
    return $hash;
}

echo enc('password');

?>
```

gen_Eric

  • What do you mean it doesn't work? What does it do, and what are you expecting it to do? – glomad Jan 10 '13 at 22:17
  • **Hashing != encryption** – SLaks Jan 10 '13 at 22:17
  • SHA1 and MD5 are both broken. Use bcrypt. – SLaks Jan 10 '13 at 22:18
  • You must use a different salt for each user. – SLaks Jan 10 '13 at 22:18
  • double\triple hashing makes it less secure not more – Jan 10 '13 at 22:24
  • possible duplicate of [How long should my password salt be, and is SHA-256 good enough?](http://stackoverflow.com/questions/3191690/how-long-should-my-password-salt-be-and-is-sha-256-good-enough) AND http://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords and ... – Jan 10 '13 at 22:28

2 Answers

1

Listen to the comments, but you also have a typo:

`$md5($string)` needs to be `md5($string)` (it's not a variable, it shouldn't have a `$` in front of it).

It's true that you're not encrypting here, but that's just a nomenclature issue (you're hashing it, which is what you want to do)... however, your salt probably shouldn't be a fixed string... it should vary by user if you really want a strong hash. There's a lot more to say on this subject (md5 and SHA1 aren't the best hash algorithms for passwords as there are too many rainbow tables for both and they're too fast to execute), but you can read up here and here for bcrypt info.

Ben D
0
$md5( $string)

breaks your code. Remove the $

You should use something like bcrypt and different salts for all your users.

Green Black
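
Both answers recommend bcrypt with a different salt per user. The following is an added example, not code from either poster: it hashes with PHP's built-in `password_hash()` and upgrades records stored with the question's scheme the next time the user logs in. It assumes PHP 5.6 or later; the function names `legacy_enc`, `new_hash`, `check_login` and the `$user` array layout are hypothetical.

```php
<?php
// Added example. Function names and the $user layout are hypothetical.

// The question's scheme with the `$md5` typo fixed, kept only so that
// records created with it can still be checked once and then replaced.
function legacy_enc($string) {
    $salt = "randomsalt";
    return sha1(md5($salt . $string)) . md5($string) . sha1(md5(md5($string)));
}

// bcrypt via password_hash(): a random salt is generated on every call and
// is stored inside the returned string together with the cost factor.
function new_hash($password) {
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
}

// Returns [bool $ok, string|null $replacementHash]. When a replacement
// hash is returned, the caller writes it to the user's record.
function check_login(array $user, $password) {
    $stored = $user['hash'];
    if (strpos($stored, '$2y$') === 0) {             // record is already bcrypt
        if (!password_verify($password, $stored)) {
            return [false, null];
        }
        // Re-hash if the cost was raised after this hash was created.
        $stale = password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => 12]);
        return [true, $stale ? new_hash($password) : null];
    }
    // Legacy record: constant-time comparison, then upgrade on success.
    if (hash_equals($stored, legacy_enc($password))) {
        return [true, new_hash($password)];
    }
    return [false, null];
}

// Constructed sample data: the same password hashed twice gives two
// different strings because each call draws its own salt.
$a = new_hash('password');
$b = new_hash('password');
var_dump($a === $b, password_verify('password', $a), password_verify('password', $b));

// A record created with the old scheme is accepted once and upgraded.
$old = ['hash' => legacy_enc('password')];
list($ok, $upgrade) = check_login($old, 'password');
var_dump($ok, strpos($upgrade, '$2y$12$') === 0);
```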