by WallShadow on Tue Jan 08, 2013 12:35 am
([msg=72123]see Re: A question regarding about salt and sha1 password encryption[/msg])
To make sure you are secure, I would recommend using 256 bit SHA-2 as there have been various attacks proposed on SHA-1 already while SHA-2 is still considered a completely secure hash. As for salting, yes, salting does make it more secure by preventing look-up attacks in the case that your database is stolen or copied by an attacker. It gives your users a greater chance that their passwords won't be cracked when someone breaks into the database.
In case you don't know what salting is, it is simply a randomly chosen string which is appended to the user password before hashing, and then hashed together with it. Then, you store the hash and the salt in one place, so that when the user enters a password again, you do the same thing: append the salt to the password, hash, then compare hashes.
Also, it is specifically because computers have gotten faster that we have to use more powerful hashes and salts. If we were still back in the '80s, MD5 would still be a great choice for a hash.
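The store-and-verify flow described in the post above, written out as an added example (not code from the post's author): a random per-user salt is generated, appended to the password, hashed with SHA-256, and stored next to the salt; verification repeats the same steps and compares digests in constant time. The `sha256$<salt>$<digest>` record format, the 16-byte salt length and the function names are assumptions made for this example.

```python
import hashlib
import hmac
import os
from typing import Optional

SALT_BYTES = 16  # assumed per-user salt length (128 bits of randomness)


def make_salt() -> bytes:
    """Random salt from the OS CSPRNG; a fresh one per user account."""
    return os.urandom(SALT_BYTES)


def hash_password(password: str, salt: bytes) -> bytes:
    """password || salt, hashed with SHA-256 as the post recommends."""
    return hashlib.sha256(password.encode("utf-8") + salt).digest()


def store_password(password: str, salt: Optional[bytes] = None) -> str:
    """Build the record kept in the database: algorithm, salt and digest.

    The salt is stored in the clear; its job is to defeat precomputed
    look-up tables, not to stay secret.
    """
    if salt is None:
        salt = make_salt()
    digest = hash_password(password, salt)
    # Assumed record layout: "sha256$<salt hex>$<digest hex>"
    return f"sha256${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algo, salt_hex, digest_hex = stored.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: never treat as a match
    if algo != "sha256":
        return False
    candidate = hash_password(password, salt)
    # compare_digest avoids leaking how many leading bytes matched via timing
    return hmac.compare_digest(candidate, expected)


def records_differ(password: str) -> bool:
    """Same password, two accounts: random salts give unrelated records."""
    return store_password(password) != store_password(password)


if __name__ == "__main__":
    # Constructed demo values
    record = store_password("correct horse battery staple")
    print(record)
    print("login ok:", verify_password("correct horse battery staple", record))
    print("wrong pw:", verify_password("Tr0ub4dor&3", record))
    print("two users, same password, different records:", records_differ("hunter2"))
```

Because the salt is random per account, two users with the same password get different records, which is exactly why a precomputed table for one salt is useless against the rest of a stolen table. The record layout and verify routine stay the same if a deliberately slow, iterated password hash is later swapped in for the single SHA-256 call.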