
Basically, most new websites do not have a big amount of money (that includes me) for doing high-standard-level password hashing. I read a lot that says other password algorithms/hashing use a lot of memory in GPU or big-sized hashes? Currently I am using sha256, $str, $salt type of hashing. One of the websites posted an article saying that what I am using is not recommended. I also see PBKDF2 a lot, but when I read how to do it, it includes sha256/mcrypt_create_iv/md5 etc. I do not understand. So can you tell me what new websites need that is a low-budget and low-sized method?

IS THIS CODE SAFE? I MEAN NOT THAT UNSAFE? Is this okay? Is this weak?

```php
<?php
class Hash {
    public static function make($string, $salt = '') {
        return hash('sha256', $string . $salt);
    }

    public static function salt($length) {
        return mcrypt_create_iv($length);
    }

    public static function unique() {
        return self::make(uniqid());
    }
}
```

Please give me advice and opinions. THANK YOU!

phew
  • Use `password_hash` and `password_verify`. – Albzi May 24 '16 at 08:24
  • Is it safe from the attacker? I mean, what is the level of security of this password_hash? @Albzi – phew May 24 '16 at 08:34
  • @phew - If you need to know the details, there's always looking at the code or reading about [bcrypt](https://en.wikipedia.org/wiki/Bcrypt); but every hash is uniquely salted (rehashing using a new salt) from dev/urandom where available; and uses the CRYPT_BLOWFISH algorithm; and you can control additional features such as the cost.... but how do you measure "level of security"? – Mark Baker May 24 '16 at 08:47
  • For websites that are only starting, the level of security that 1 programmer can handle. Yeah, bcrypt is one of the recommended, and I am interested in the `password_hash` and `password_bcrypt`; it is simple. And I will add a question, please respond. Thank you very much – phew May 24 '16 at 08:59
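
The `password_hash` / `password_verify` approach suggested in the comments, shown as an added example that is not part of the original thread: it verifies logins against bcrypt hashes and upgrades records still stored with the question's `sha256($string . $salt)` scheme the next time the user logs in. The class name `PasswordStore`, the 64-hex-character test for legacy records, the cost value and the sample data are assumptions made for illustration.

```php
<?php
// Added example, not the asker's code. Assumes legacy records were produced by
// hash('sha256', $password . $salt) as in the question's Hash::make().
final class PasswordStore
{
    // bcrypt work factor (assumed value); tune it to what your server tolerates per login.
    private const OPTIONS = ['cost' => 12];

    public static function hash(string $password): string
    {
        // password_hash() generates a random salt and embeds it, with the
        // cost, in the returned string, so no separate salt column is needed.
        // Note: bcrypt only uses the first 72 bytes of the password.
        return password_hash($password, PASSWORD_BCRYPT, self::OPTIONS);
    }

    // Returns [bool $ok, ?string $newHash]; store $newHash when it is not null.
    public static function verify(string $password, string $stored, string $legacySalt = ''): array
    {
        // Legacy record: 64 lowercase hex characters from the old SHA-256 scheme.
        if (preg_match('/^[0-9a-f]{64}$/', $stored) === 1) {
            $candidate = hash('sha256', $password . $legacySalt);
            $ok = hash_equals($stored, $candidate); // constant-time comparison
            return [$ok, $ok ? self::hash($password) : null];
        }
        if (!password_verify($password, $stored)) {
            return [false, null];
        }
        // Re-hash if the stored hash was made with an older cost or algorithm.
        $new = password_needs_rehash($stored, PASSWORD_BCRYPT, self::OPTIONS)
            ? self::hash($password)
            : null;
        return [true, $new];
    }
}

// Constructed sample data: one legacy record and its salt.
$salt   = 'constructed-salt';
$legacy = hash('sha256', 'correct horse' . $salt);

// First login after the change: legacy check passes and a bcrypt hash comes back.
[$ok, $upgraded] = PasswordStore::verify('correct horse', $legacy, $salt);
var_dump($ok, password_get_info($upgraded)['algoName']);

// Later logins verify against the upgraded hash; a wrong password is rejected.
[$okAgain, $rehash] = PasswordStore::verify('correct horse', $upgraded);
[$okWrong]          = PasswordStore::verify('wrong guess', $upgraded);
var_dump($okAgain, $rehash, $okWrong);
```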
