carlgcoder
Reputation: 229
Is this secure enough, for hashing
hash('sha512', $_POST['password'] . time())
I have heard alot of things about this and that and can't come to a conclusion...
Upvotes: 3
Views: 116
Answers (3)
phihag
Reputation: 287825
You're using time() as a salt. You can do that, but don't forget to store it (otherwise, how would you ever be able to check that the given password concatenated with the salt matches the stored hash?). sha512 is a great choice for a hash algorithm. I'd suggest
$salt = uniqid('carlgcoder_') . microtime(true);
$hash = hash('sha512', $salt . $_POST['password']);
Upvotes: 4
TROODON
Reputation: 1175
Use salt. Sample:
<?php
$passwordWasSavedInDB = md5($_POST['password']."_paranoia_")
Upvotes: 0
Wesley van Opdorp
Reputation: 14941
I suggest added a salt when creating and hashing passwords, other then that - yes.
Upvotes: 5
Related Questions
- How secure is this method of password hashing and matching?
- PHP - How safe/strong is this hashing?
- How can we create a fairly secure password hash in PHP?
- Is this mechanism to authenticate a user secure?
- Determining if my password hashing method is safe
- Is this a good hashing password function in PHP? If not, why not?
- Would this PHP function provide sufficient data hashing?
- How can I make this more secure?
- Is this password storage method secure?
- How secure is this hash? (PHP)