How secure is this hash? (PHP)

function oneWayEncrypt($string) { 
    $salt = md5($string."yHuJ@8&6%4#%([@d-]"); 
    $salt2 = md5($string."@!#&+-)jU@[yT$@%"); 

    $string = hash('sha512',"$salt$string$salt2"); 

    return $string; 
} 
+3
3 answers

Using SHA-512 is a good idea to get a cryptographically strong hash, but your choice of salt does not add extra protection. In particular, salt is only good if its value is random and cannot be predicted in advance. This allows an attacker to pre-compute a table of known hashes with which you can try to attack your database. If the salt is known, then the attacker can simply precompute the hash value table with a solid salt relationship.

, . , () , SHA-512 . , .

, , , , . , , , , , . , , , , (, 128 ), , . SHA-512, ( " " ), .

+15

?

? - , .

cookie? - HMAC, .

, , , . . .

, -, , , . .

, , SHA-512 , . Preimage Attacks 41-Step SHA-256 46-Step SHA-512 . , (PDF), , , SHA-256 SHA-512, , , SHA-256 SHA-512.

+4

SHA-512 - , : SHA-512 154 /. -, , , bcrypt, .

In addition, use a random and unique salt for each hash operation and store it with the hash so that you can reproduce the hash for comparison.

+2
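
The advice in the last answer (bcrypt, with a random and unique salt stored alongside each hash) set next to the question's function, as an added example that is not part of the original thread. The cost value, the helper names `hashPassword` and `checkPassword`, and the sample password are assumptions made for illustration.

```php
<?php
// Added example, not code from the original thread.

// The question's scheme, unchanged: both "salts" are derived from the password
// and fixed constants, so the output depends on the password alone.
function oneWayEncrypt($string) {
    $salt  = md5($string."yHuJ@8&6%4#%([@d-]");
    $salt2 = md5($string."@!#&+-)jU@[yT$@%");
    return hash('sha512', "$salt$string$salt2");
}

// bcrypt through PHP's built-in password API: every call draws a fresh random
// salt and embeds it, with the cost, in the returned string.
// The default cost of 12 is an assumption; tune it to your hardware.
function hashPassword(string $password, int $cost = 12): string {
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);
}

// password_verify() reads salt and cost back out of the stored string,
// recomputes the hash and compares in constant time.
function checkPassword(string $password, string $stored): bool {
    return password_verify($password, $stored);
}

$pw = 'correct horse battery staple'; // constructed sample input

// Two users with the same password: compare what each scheme would store.
echo "fixed-salt digests identical: ";
var_dump(oneWayEncrypt($pw) === oneWayEncrypt($pw));

$a = hashPassword($pw);
$b = hashPassword($pw);
echo "bcrypt strings identical:     ";
var_dump($a === $b);

// Both bcrypt strings still verify, because each carries its own salt.
echo "verifies against first:       ";
var_dump(checkPassword($pw, $a));
echo "verifies against second:      ";
var_dump(checkPassword($pw, $b));
echo "wrong password verifies:      ";
var_dump(checkPassword('not the password', $a));

// The stored string is self-describing, so the cost can be raised later and
// old hashes replaced at the user's next successful login.
print_r(password_get_info($a));
echo "needs rehash at cost 13:      ";
var_dump(password_needs_rehash($a, PASSWORD_BCRYPT, ['cost' => 13]));
```

Store the full string returned by `password_hash()` in a single column; no separate salt column is needed. Note that `PASSWORD_BCRYPT` only uses the first 72 bytes of the password.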

Source: https://habr.com/ru/post/1796611/

