$pass="test"
The above variable contains a password called test. I want to hash this password using sha512, md5 and salt. How do I do that? I've found only benefits of salt and sha512; I already know md5 encryption. Please, I need the solution as my system is vulnerable.
And please explain it with a code example, because I'm still attached to md5.
From what I've understood from your comments and answers, I've got the following code:
$pass="test";
$hashed_pass= openssl_digest($pass, 'sha512');
OK, seems solid enough, but what is [salt='']? Does it generate a random salt string or something? If so, then how to implement it?
Solution 1. Use mkpasswd. Step 1. Install mkpasswd. Step 2. Generate SHA512 password hash with a salt. If you don't add parameter -S, --salt=<SOME_STRING_HERE>, it will use a random salt value. If you want to keep it OS agnostic (since mkpasswd is not available on macOS and Windows, although you could install it via gem or npm), use Docker.
SHA-512 is a cryptographic hash function. Cryptographic hash functions are one-way: you can calculate the hash for a block of data, but it is not possible to get the original data back when you have only the hash. So you cannot decrypt a hash code to get back the original data.
The SHA (Secure Hash Algorithm) is one of the popular cryptographic hash functions. A cryptographic hash can be used to make a signature for a text or a data file. The SHA-256 algorithm generates an almost-unique, fixed-size 512-bit hash.
Edit: Since this answer still seems to be generating a bit of interest, let me steer you all towards password_hash(), which is essentially a wrapper around crypt() but much simpler to use. If you're using PHP<5.5 there is password_compat which was written by the same guy and is actually linked off of the official documentation.
If you're already using crypt() it's worth noting that both password_verify() and password_needs_rehash() will work with all crypt()-style passwords, so there's hardly a reason not to update!
Use crypt(), it provides MUCH stronger hashing methods.
Hash a new password:
// generate a 16-character salt string from a CSPRNG
// (random_bytes() needs PHP 7+; mt_rand() is predictable and unsuitable for salts)
$salt = substr(str_replace('+','.',base64_encode(random_bytes(12))),0,16);
// how many times the string will be hashed
$rounds = 10000;
// pass in the password, the number of rounds, and the salt
// $5$ specifies SHA256-CRYPT, use $6$ if you really want SHA512
echo crypt('password123', sprintf('$5$rounds=%d$%s$', $rounds, $salt));
// output: $5$rounds=10000$3ES3C7XZpT7WQIuC$BEKSvZv./Y3b4ZyWLqq4BfIJzVHQweHqGBukFmo5MI8
Compare an existing password:
// the hash stored for the user
$given_hash = '$5$rounds=10000$3ES3C7XZpT7WQIuC$BEKSvZv./Y3b4ZyWLqq4BfIJzVHQweHqGBukFmo5MI8';
$test_pw = 'password123';
// extract the hashing method, number of rounds, and salt from the stored hash
// and hash the password string accordingly
$parts = explode('$', $given_hash);
$test_hash = crypt($test_pw, sprintf('$%s$%s$%s$', $parts[1], $parts[2], $parts[3]));
// compare in constant time (hash_equals() needs PHP 5.6+)
echo $given_hash . "\n" . $test_hash . "\n" . var_export(hash_equals($given_hash, $test_hash), true);
/* output:
$5$rounds=10000$3ES3C7XZpT7WQIuC$BEKSvZv./Y3b4ZyWLqq4BfIJzVHQweHqGBukFmo5MI8
$5$rounds=10000$3ES3C7XZpT7WQIuC$BEKSvZv./Y3b4ZyWLqq4BfIJzVHQweHqGBukFmo5MI8
true */
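The migration path the edit above describes, as an added example that is not part of the original answer: a hash created with crypt() is checked with password_verify() and upgraded with password_hash() at the next successful login. The function name check_login and the sample password are assumptions made for illustration; the code needs PHP 7.1 or later.

```php
<?php
// Constructed legacy record: SHA512-CRYPT ($6$) with a random 16-character salt,
// as an application using crypt() directly would have stored it.
$legacySalt = substr(strtr(base64_encode(random_bytes(12)), '+', '.'), 0, 16);
$storedHash = crypt('test', sprintf('$6$rounds=10000$%s$', $legacySalt));

/**
 * Hypothetical helper: check a login attempt against the stored hash.
 * Returns [bool $ok, ?string $replacementHash].
 */
function check_login(string $password, string $storedHash): array
{
    // password_verify() reads the algorithm, cost and salt out of the stored
    // string and compares in constant time; it accepts crypt()-style hashes.
    if (!password_verify($password, $storedHash)) {
        return [false, null];
    }

    // The stored hash is not in the current default format, so rehash now,
    // while the plaintext is available.
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT)) {
        // password_hash() generates its own random salt and embeds it in the result.
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }

    return [true, null];
}

// First login: the legacy hash verifies and a replacement hash is returned.
[$ok, $newHash] = check_login('test', $storedHash);
var_dump($ok, $newHash !== null);

if ($newHash !== null) {
    $storedHash = $newHash; // in a real application: write this back to the user record
}

// Second login: the upgraded hash verifies and no further rehash is requested.
[$okAgain, $rehashAgain] = check_login('test', $storedHash);
var_dump($okAgain, $rehashAgain === null);

// A wrong password is rejected against the upgraded hash.
[$bad] = check_login('wrong', $storedHash);
var_dump($bad);
```

The stored value must be kept whole in a column wide enough for future formats; the PHP documentation recommends 255 characters.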