A question regarding salt and sha1 password encryption


Post by Billh93 on Mon Jan 07, 2013 9:21 pm

How can I make my users' passwords absolutely secure? I know that the way to encrypt a user's password is by using sha1, because it can't be decrypted. However, I also hear of people salting it as well, to add a more secure shell I guess. Is this still acceptable? Because now computers have more power than ever before. Anyways, give me suggestions on how I can make my users' passwords absolutely secure. Thanks!


Re: A question regarding salt and sha1 password encryption

Post by WallShadow on Tue Jan 08, 2013 12:35 am

To make sure you are secure, I would recommend using 256-bit SHA-2, as there have been various attacks proposed on SHA-1 already, while SHA-2 is still considered a completely secure hash. As for salting, yes, salting does make it more secure by preventing look-up attacks in the case that your database is stolen or copied by an attacker. It gives your users a greater chance that their passwords won't be cracked when someone breaks into the database.

In case you don't know what salting is, it is simply a randomly chosen string which is appended to the user password before hashing, and then hashed together. Then, you store the hash and the salt in one place, so that when the user enters a password again, you do the same thing, append the salt to the password and hash, then compare hashes.

Also, it is specifically because computers have gotten faster that we have to use more powerful hashes and salts. If we were still back in the 80's, md5 would still be a great choice for a hash.
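The salt-then-hash scheme described in the reply above, as an added example that is not part of the original thread: a random per-user salt is appended to the password, SHA-256 is applied, and the salt and hash are stored together. The function names, the 16-byte salt length and the sample passwords are assumptions made for the illustration; `demo()` also shows why a precomputed table of unsalted hashes matches an unsalted hash but not a salted one.

```python
import hashlib
import hmac
import secrets


def hash_password(password, salt=None):
    """Return (salt, digest) where digest = SHA-256(password || salt)."""
    if salt is None:
        salt = secrets.token_bytes(16)  # fresh random salt for each user
    digest = hashlib.sha256(password.encode("utf-8") + salt).digest()
    return salt, digest


def verify_password(password, salt, stored_digest):
    """Recompute the hash with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


def lookup_table(wordlist):
    """Precomputed table of unsalted SHA-256 digests: digest -> password."""
    return {hashlib.sha256(w.encode("utf-8")).digest(): w for w in wordlist}


def demo():
    # Constructed sample data: a tiny list of common passwords.
    table = lookup_table(["123456", "password", "letmein"])

    # An unsalted hash of a common password is found in the table directly.
    unsalted = hashlib.sha256(b"letmein").digest()

    # Two users with the same password get different salts and hashes.
    salt_a, hash_a = hash_password("letmein")
    salt_b, hash_b = hash_password("letmein")

    return {
        "unsalted_found": table.get(unsalted),
        "salted_found": table.get(hash_a),
        "same_password_same_hash": hash_a == hash_b,
        "login_ok": verify_password("letmein", salt_a, hash_a),
        "login_wrong": verify_password("letmeim", salt_a, hash_a),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

A single SHA-256 pass is fast to compute; Python's `hashlib.pbkdf2_hmac` and `hashlib.scrypt` take the same salt and add an adjustable work factor.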


Re: A question regarding salt and sha1 password encryption

Post by Billh93 on Tue Jan 08, 2013 2:55 pm

Ahh okay, thank you so much! I have a question though: in my phpMyAdmin, under the password section, there isn't a sha2 option, there is only sha1... How can I get sha2 or other secure forms of password encryption? Thanks


