Which encryption should I use to encrypt my password in PHP other than md5?

md5 is the algorithm most novice programmers reach for. md5 is used to hash ("encrypt") passwords, and because it is a one-way function with no decryption algorithm, most programmers think it is safe. But the truth is that md5 is not safe: it is vulnerable to brute-force attack. Many sites were hacked just because the developer used the md5 algorithm for the passwords. So the question naturally arises: which encryption should we use? My answer is that there are two solutions to the problem.

  1. Create your own encryption algorithm.
  2. Use an encryption algorithm that is stronger than md5.

If you can’t create one, go for the second option. The next question is then: which algorithm is stronger than md5? My answer is crypt().

string crypt(string $str [, string $salt] )

crypt() will return a hashed string using the standard Unix DES-based algorithm or alternative algorithms that may be available on the system.

The salt parameter is optional. However, crypt() creates a weak password hash without a salt. PHP 5.6 or later raises an E_NOTICE error without it. Make sure to specify a strong enough salt for better security.

<?php
$hashed_password = crypt('mypassword'); // let the salt be automatically generated

// The password submitted at login (sample value).
$user_input = 'mypassword';

/* You should pass the entire results of crypt() as the salt for comparing a
   password, to avoid problems when different hashing algorithms are used. (As
   it says above, standard DES-based password hashing uses a 2-character salt,
   but MD5-based hashing uses 12.) */
// hash_equals() compares the two strings in constant time.
if (hash_equals($hashed_password, crypt($user_input, $hashed_password))) {
   echo "Password verified!";
}
?>
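
An added example, not code from the original post: it passes crypt() an explicit random bcrypt salt, as the salt paragraph above advises (PHP 8.0 and later require the salt argument), and contrasts the result with unsalted md5(). The helper names make_bcrypt_salt(), hash_password() and verify_password(), the cost of 12 and the sample password are assumptions for illustration.

```php
<?php
// Added example: salted bcrypt hashing through crypt(), next to unsalted md5().
// make_bcrypt_salt(), hash_password(), verify_password() are hypothetical names.

function make_bcrypt_salt(int $cost = 12): string
{
    // bcrypt settings string: "$2y$" + two-digit cost + "$" + 22 salt characters.
    // crypt() wants the salt in the alphabet ./A-Za-z0-9, so map '+' to '.'.
    $raw = strtr(base64_encode(random_bytes(16)), '+', '.');
    return sprintf('$2y$%02d$%s', $cost, substr($raw, 0, 22));
}

function hash_password(string $password, int $cost = 12): string
{
    $hash = crypt($password, make_bcrypt_salt($cost));
    // On failure crypt() returns a short marker such as "*0", never a real hash.
    if (strlen($hash) !== 60 || strpos($hash, '$2y$') !== 0) {
        throw new RuntimeException('bcrypt hashing failed');
    }
    return $hash;
}

function verify_password(string $password, string $stored): bool
{
    // Passing the stored hash as the salt reuses its algorithm, cost and salt.
    $candidate = crypt($password, $stored);
    // Reject failure markers, then compare in constant time.
    return strlen($candidate) === 60 && hash_equals($stored, $candidate);
}

// Constructed sample input.
$password = 'mypassword';

// md5() takes no salt, so equal passwords always give equal digests and one
// precomputed table can be reused against every stored password.
var_dump(md5($password) === md5($password));

// With a fresh random salt per call, two hashes of the same password are
// compared here, and each one is then checked against right and wrong input.
$a = hash_password($password);
$b = hash_password($password);
var_dump($a === $b);
var_dump(verify_password($password, $a));
var_dump(verify_password($password, $b));
var_dump(verify_password('wrong-password', $a));
```

Store the full 60-character string returned by hash_password(); it carries the algorithm prefix, cost and salt that verify_password() needs.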

The post Which encryption should I use to encrypt my password in php other than md5 appeared first on Dharwish.com.

