What method would you call safest and most secure? I took these snippets off php.net. I'm just wondering because people posted their own and I just couldn't catch on to understand why some are the way they are... Can someone help me out and tell me a little more about these? Which would be the most secure and why?
1.
<?php
$hash = md5($salt1.$password.$salt2);
?>
2.
<?php
function eliteEncrypt($string) {
// Create a salt
$salt = md5($string."%*4!#$;\.k~'(_@");
// Hash the string
$string = md5("$salt$string$salt");
return $string;
}
?>
3.
<?php
define ('SALT_ONE', 'some_random_123_collection_&$^%_of_stuff');
define ('SALT_TWO', 'another_random_%*!_collection_ANbu_of_stuff');
$password = 'dragon';
function generate_encrypted_password($str) {
$new_pword = '';
if( defined('SALT_ONE') ):
$new_pword .= md5(SALT_ONE);
endif;
$new_pword .= md5($str);
if( defined('SALT_TWO') ):
$new_pword .= md5(SALT_TWO);
endif;
return substr($new_pword, strlen($str), 40);
}
echo generate_encrypted_password($password);
?>
4.
<?
function enchsetenev($toencode,$times)
{
$salt = 's+(_a*';
for($zo=0;$zo<$times;$zo=$zo+1)
{
$toencode = hash('sha512',salt.$toencode);
$toencode = md5($toencode.$salt);
}
return $toencode;
}
?>
5.
<?php
$hash = $password . $salt;
for ( $i = 0; $i < 10000; $i++ ) {
$hash = md5( $hash );
}
echo $hash;
?>
If you change the first example to :
<?php
$hash = hash('sha256', $salt1.$password.$salt2);
?>
this will be secure enough for 99% of the application.
The only question is how to generate the salt. I recommend a fixed salt ($salt2) and on salt generated for each user ($salt1) which is stored in the database along the password.
This way you're pretty secure against rainbow table attack even if someone retrieves the content of your database.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With