0

I set my password to use md5 and as a test I put the password as owner. I then went to this website and put the md5 hash down and it was able to give me back the password. I don't feel as if md5 is secure. Any ideas on how to make the hash function stronger?

user207421
DanMossa
  • possible duplicate of [Best practice for storing usernames & password in MySQL Databases](http://stackoverflow.com/questions/10397276/best-practice-for-storing-usernames-password-in-mysql-databases) – Artjom B. Dec 10 '14 at 20:01
  • Also: http://stackoverflow.com/questions/2235158/sha1-vs-md5-vs-sha256-which-to-use-for-a-php-login – Artjom B. Dec 10 '14 at 20:01
  • What language is your program in? I'd let that handle the password *hashing* instead of MySQL. – gen_Eric Dec 10 '14 at 20:04
  • @RocketHazmat html/php – DanMossa Dec 10 '14 at 20:23
  • If you're using PHP, then I suggest you use http://php.net/password_hash and http://php.net/password_verify for your passwords. – gen_Eric Dec 10 '14 at 20:28
  • Follow the advice given in the [password hashing guide](http://www.phptherightway.com/#password_hashing). MD5 is completely useless for storing passwords, it can be cracked too easily. Writing your own access control layer is not easy and there are many opportunities to get it severely wrong. Please, do not write your own authentication system when any modern [development framework](http://codegeekz.com/best-php-frameworks-for-developers/) like [Laravel](http://laravel.com/) comes with a robust [authentication system](http://laravel.com/docs/security) built-in. – tadman Dec 10 '14 at 20:37
  • MD5 is a hash function, not an encryption algorithm. – user207421 Dec 10 '14 at 21:08

2 Answers

0

I ended up salting the passwords with password_hash and password_verify.

DanMossa
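An added example, not part of the original answer, showing the `password_hash` / `password_verify` approach next to the unsalted MD5 from the question, and one way to upgrade stored MD5 digests at the next successful login. The function names `hash_new_password` and `check_login` and the sample password are constructed for illustration, and the code assumes legacy rows hold a bare 32-character hex MD5 digest.

```php
<?php
// Added example. Function names and sample values are constructed.

// Hash a password for storage. password_hash() picks a random salt and
// stores algorithm, cost and salt inside the returned string.
function hash_new_password(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Check a login attempt against the stored value.
// Returns [bool $ok, ?string $replacement]; when $replacement is not null
// the caller should write it back to the user's row.
function check_login(string $password, string $stored): array
{
    // Legacy row (assumption): 32 hex characters is an unsalted MD5 digest.
    if (preg_match('/^[0-9a-f]{32}$/i', $stored) === 1) {
        $ok = hash_equals(strtolower($stored), md5($password));
        return [$ok, $ok ? hash_new_password($password) : null];
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Re-hash when PASSWORD_DEFAULT or its cost changed since this hash was made.
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? hash_new_password($password)
        : null;
    return [true, $new];
}

// Unsalted MD5 is deterministic: every user with this password gets the
// same digest, which is why a lookup site can reverse it.
$legacy = md5('owner');
echo 'md5 repeatable:       ', var_export($legacy === md5('owner'), true), "\n";

// password_hash() output differs per call because the salt differs,
// yet both values verify against the same password.
$a = hash_new_password('owner');
$b = hash_new_password('owner');
echo 'password_hash equal:  ', var_export($a === $b, true), "\n";
echo 'both verify:          ', var_export(password_verify('owner', $a) && password_verify('owner', $b), true), "\n";

// First login after the change: the legacy digest matches and is replaced.
[$ok, $upgraded] = check_login('owner', $legacy);
echo 'legacy login ok:      ', var_export($ok, true), "\n";
echo 'upgraded is not md5:  ', var_export(strlen($upgraded) !== 32, true), "\n";
echo 'wrong password ok:    ', var_export(check_login('wrong', $upgraded)[0], true), "\n";
```

The column holding the hash should be wide enough for future algorithms; the PHP manual recommends 255 characters when using `PASSWORD_DEFAULT`.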
-2

Use the MySQL SHA1() hash function.

The guys commenting on my answer and downvoting are right. Although it says in the MySQL manual:

"You can also use SHA1() as a cryptographic function for storing passwords.",

fine print tells another story...

Svea