Which password encryption is best for security? I have read that md5 is not that good... Is it sha1? Or which one?
Thanks!
The totally best way would be to make your own encryption system (which wouldn't be too hard).
From what I have seen it's better MD5 but still not the best.
You should hash it (whether random or pre-defined).
The totally best way would be to make your own encryption system (which wouldn't be too hard).
Developing your own encryption is not the best option. Proper encryption requires a very good understanding of mathematics and prime numbers. You need to ensure that you minimise the potential, for example, of collisions.
Use a currently accepted encryption algorithm and ensure you use salt when encrypting. The algorithm you should choose depends on the trade-offs between desired security and acceptable processing time.
<?php
$salt = "H-w_VJe2_u";
md5($password); // no salt
md5($salt . $password); // with salt ("." concatenates strings in PHP; "+" would add them as numbers)
?>
Because, obviously, the MD5 value with and without salt will be different. And even though you'd encrypt passwords one-way, you can compare MD5 values, and if the password is obvious or is a dictionary word (as an example), comparing two values means you can easily figure out the plain-text value of an encrypted password.
There are many websites which have a large database of the decrypted values of encrypted MD5 values. And so if your site's database is compromised, and you haven't added a salt to the passwords in your database, many of your users' encrypted passwords will likely already be listed in a database where the MD5 value can be compared, because the password has been submitted to such a database before.
$input = "something";
$output = hash("sha512", $input);
$password = hash("sha512", $password);
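Added example, not code from any poster in this thread: it shows the lookup-database problem described above on a stored-password table, and compares unsalted MD5, the fixed salt from the thread, and PHP's built-in password_hash(), which generates a random salt for every password. The word list, the user names and the lookup_hash() helper are constructed for illustration.

```php
<?php
// Constructed word list standing in for a public database of known MD5 values.
$wordlist = ["password", "letmein", "dragon", "sunshine"];
$lookup = [];
foreach ($wordlist as $word) {
    $lookup[md5($word)] = $word;
}

// Hypothetical helper: returns the plain text if the stored hash is already
// listed in the precomputed table, otherwise null.
function lookup_hash(array $table, string $stored): ?string
{
    return $table[$stored] ?? null;
}

$salt = "H-w_VJe2_u";                                     // fixed salt from the thread
$users = ["alice" => "sunshine", "bob" => "sunshine"];    // constructed accounts

foreach ($users as $name => $password) {
    $unsalted = md5($password);
    $salted   = md5($salt . $password);
    // password_hash() picks a new random salt on every call and stores it
    // inside the returned string, so no separate salt column is needed.
    $modern   = password_hash($password, PASSWORD_DEFAULT);

    echo $name, "\n";
    echo "  unsalted md5 : ", $unsalted, " listed=",
        var_export(lookup_hash($lookup, $unsalted) !== null, true), "\n";
    // A site-wide salt defeats the public table, but users who share a
    // password still end up with identical stored values.
    echo "  fixed salt   : ", $salted, " listed=",
        var_export(lookup_hash($lookup, $salted) !== null, true), "\n";
    // Differs for alice and bob even though the password is the same.
    echo "  password_hash: ", $modern, "\n";
    echo "  verify ok    : ",
        var_export(password_verify($password, $modern), true), "\n";
    echo "  verify wrong : ",
        var_export(password_verify("not-the-password", $modern), true), "\n";
}
?>
```

At login, compare with password_verify() rather than re-hashing and comparing strings, because the salt and cost parameters are read back from the stored value.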