Good cryptographic hash functions [duplicate]

Question

Possible Duplicate:
Secure hash and salt for PHP passwords

I am making a website, and I need a secure algorithm to store passwords. I was first thinking of bcrypt, but then I found out my host did not support it and I am not able to change host.

My host allow this encryption:

• Standard DES

And these hashes:

• MD5
• md2, md4 & md5
• sha1, sha256, sha384 & sha512
• ripemd128, ripemd160, ripemd256 and ripemd360
• whirlpool
• tiger128,3, tiger160,3, tiger192,3, tiger128,4, tiger160,4 & tiger192,4
• snefru
• gost
• adler32
• crc32 & crc32b
• haval128,3, haval160,3, haval192,3, haval224,3, haval256,3, haval128,4, haval160,4, haval192,4, haval224,3, haval256,4, haval128,5, haval160,5, haval192,5, haval224,5 & haval256,5

So, can anyone of you fix a good algorithm with that and a salt, please?

Answer 1

You shouldn't store encrypted (or even unencryped) passwords at all. Instead, use salted hashes (stretched, e.g. with PBKDF2), preferably SHA2-512.

For reference, here is a classification of the listed hashes (See wikipedia for details):

Encryption (not a hash function): DES
Non-cryptographic checksums (laughable): adler32, crc32, crc32b
Broken: MD2, MD4, MD5,SHA1
Probably broken: Tiger, snefru, GOST, HAVAL*
Probably safe: SHA2-256/384/512, RIPEMD-128/256, RIPEMD-160/320, WHIRLPOOL

Note that the strength refers to the attack of finding any password that matches a known hash (preimage attack). Also, the above sorting is paranoid, instantly discarding any hash with any known vulnerabilities.