I have just noticed that I have SHA512 in my PHP installation. Is it more secure than SHA1? Is it the most secure hashing method (I need for passwords, not for file integrity checking)?
Asked
Active
Viewed 3,110 times
4 Answers
4
In response to @Buddy, speed is not your friend when hashing; the slower the better. If someone is trying to brute force your password, an algorithm that takes a long time will mean the hack will take a long time.
Matt Asbury
- 5,644
- 2
- 21
- 29
3
Sha512 is better.. I also would recommend to use salt
Also see: Secure hash and salt for PHP passwords
Community
- 1
- 1
Wouter Dorgelo
- 11,770
- 11
- 62
- 80
2
I asked this question long time ago.
The answer is to always use an algorithm that has been designed for this, and has passed the test of time.
Currently, that algorithm would be bcrypt (there are 2 others but I don't remember their names). There are bcrypt implementations in every language, so just find one and use it. If computers keep getting faster (which would weaken your hashes), you can increase the number of rounds used to make it slower (it scales with hardware).
md5, sha1, sha512, etc: they suck for passwords. How much they suck? You can bruteforce average length passwords in hours or even seconds with your laptop. And that's ok, they weren't designed for securing passwords. They can still be used as cryptographic primitives though, eg: you can implement bcrypt using md5.
HappyDeveloper
- 12,480
- 22
- 82
- 117
0
You can try This Link , it is a library for doing randomly generated salt hashing ,one of the most secure way of password hashing and user authentication.
Kiran Gopalakrishnan
- 322
- 1
- 4
- 18