What is better with salt
for password storage?
MD5:
$hash = md5($password . $salt);
Password_hash:
$hash = password_hash($password, PASSWORD_DEFAULT, $salt);
SHA1:
$result = sha1($salt.$string);
To conclude, MD5 generates a message digest of 128-bits, while SHA1 generates a message digest of 160-bit hash value. Hence, SHA1 is a relatively complex algorithm and provides better security than MD5.
The SHA-256 algorithm returns hash value of 256-bits, or 64 hexadecimal digits. While not quite perfect, current research indicates it is considerably more secure than either MD5 or SHA-1. Performance-wise, a SHA-256 hash is about 20-30% slower to calculate than either MD5 or SHA-1 hashes.
SHA-2 contains subversion that can produce hashes of different lengths. The most common is SHA-256 that produces 256-bit hashes. Secondly, the SHA-2 is more secure than MD5, especially in terms of collision resistance. Therefore, the MD5 isn't recommended to use for high-security purposes.
The current strongest encryption algorithms are SHA-512, RIPEMD-320, and Whirlpool. Any one of these algorithms are worthy of protecting top secret level information for your business.
You should absolutely use the password_hash() function without providing your own salt:
$hash = password_hash($password, PASSWORD_DEFAULT);
The function will generate a safe salt on its own. The other algorithms are ways too fast to hash passwords and therefore can be brute-forced too easily (about 8 Giga MD5 per second).
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With