Suhel

Reputation: 957

How to use salt with md5 technique

I have coded the md5 technique to store the password as a hash, but I want to implement it with a salt.

Here is my register form PHP with the md5 function, which is working perfectly:

<?php
require("common.php");
if (! empty ( $_POST )) {
    if (empty ( $_POST ['username'] )) {
        die ( "Please enter a username." );
    }
    if (empty ( $_POST ['password'] )) {
        die ( "Please enter a password." );
    }
    $query = "SELECT 1 FROM User WHERE username = :username";
    $query_params = array (
            ':username' => $_POST ['username'] 
    );
    try {
        $stmt = $db->prepare ( $query );
        $result = $stmt->execute ( $query_params );
    } catch ( PDOException $ex ) {
        die ( "Failed to run query: " . $ex->getMessage () );
    }
    $row = $stmt->fetch ();
    if ($row) {
        die ( "This user name is already registered" );
    }
    $password = md5($_POST['password']);
    $query = "INSERT INTO User (username, password) VALUES (:username, :password)";
    $query_params = array (
            ':username' => $_POST ['username'],
            ':password' => $password 
    );
    try {
        $stmt = $db->prepare ( $query );
        $result = $stmt->execute ( $query_params );
    } catch ( PDOException $ex ) {
        die ( "Failed to run query: " . $ex->getMessage () );
    }
    header ( "Location: login.php" );
    die ( "Redirecting to login.php" );
}
?>

Upvotes: 0

Views: 5905

Answers (3)

Machavity

Reputation: 31614

You should not use MD5 or SHA1 for hashing (even with a salt) as they are proven to be insecure.

Using salted md5 for passwords is a bad idea. Not because of MD5's cryptographic weaknesses, but because it's fast. This means that an attacker can try billions of candidate passwords per second on a single GPU.

PHP now provides a simple way to use the far more secure bcrypt hash through the password_hash function, which not only generates a strong hash, but generates a random salt as well:

$password = password_hash($_POST['password'], PASSWORD_DEFAULT);

Upvotes: 3
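An added example, not part of any answer on this page: registration with password_hash, login with password_verify, and an upgrade path for rows that still hold the question's unsalted md5() hashes. The in-memory `$users` array, the function names and the sample accounts are constructed stand-ins for the PDO queries against the `User` table.

```php
<?php
// Constructed in-memory stand-in for the User table (username => row).
// 'alice' is a legacy row stored the way the question's code does it: md5().
$users = ['alice' => ['password' => md5('correct horse')]];

function register(array &$users, string $username, string $password): bool
{
    if (isset($users[$username])) {
        return false; // user name already registered
    }
    // password_hash() picks a random salt and embeds it in the returned string.
    $users[$username] = ['password' => password_hash($password, PASSWORD_DEFAULT)];
    return true;
}

function login(array &$users, string $username, string $password): bool
{
    if (!isset($users[$username])) {
        return false;
    }
    $stored = $users[$username]['password'];
    // password_get_info() reports an empty 'algo' for strings that
    // password_hash() did not produce, which identifies the old md5 rows.
    $isLegacy = empty(password_get_info($stored)['algo']);
    $ok = $isLegacy
        ? hash_equals($stored, md5($password))   // constant-time compare
        : password_verify($password, $stored);   // salt is read from $stored
    if ($ok && ($isLegacy || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        // The plaintext is only available now, so upgrade the row on login.
        $users[$username]['password'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return $ok;
}

var_dump(register($users, 'bob', 's3cret'));        // new account, never md5
var_dump(login($users, 'bob', 's3cret'));
var_dump(login($users, 'alice', 'correct horse'));  // legacy row, then upgraded
var_dump(password_get_info($users['alice']['password'])['algoName']);
var_dump(login($users, 'alice', 'wrong guess'));
```

The password column has to be wide enough for the new value: a bcrypt hash is 60 characters against 32 for md5, and the PHP manual suggests 255 so that a later change of PASSWORD_DEFAULT still fits.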

bɪˈɡɪnə

Reputation: 1085

MD5 is considered insecure and is no longer used. You can use password_hash, which uses a salt by default, to generate a strong password hash. It's easier to use: just a couple of lines and it's done. Remember, do not use your own salt with password_hash; the salt option has been deprecated as of PHP 7.0.0. It is now preferred to use the salt that is generated by default.

Upvotes: 1

Ninju

Reputation: 2530

MD5 is the old method for storing passwords. Please have a look at the links below for hashing passwords using a salt:

https://crackstation.net/hashing-security.htm

http://www.sitepoint.com/hashing-passwords-php-5-5-password-hashing-api/

Upvotes: 0
