All geek questions in one place

Using md5 provided even more complex

Possible duplicate:
Protected hash and salt for PHP passwords

I saw someone encode a password hash in this way

md5(uniqid(mt_rand('password', 15), true));

is a safe way to do this? what is even worked out?

+6
source share
3 answers

Not only is this not safe, it doesn't even work.

mt_rand accepts 2 parameters, the minimum value and the maximum value.

 mt_rand('password', 15)

This converts 'password' to int ( 0 ), then returns a random number between 0 and 15 .

 uniqid(mt_rand('password', 15), true)

Then a unique identifier is generated and a random number is added from the previous step to it: calculating something like this:

 144ffb22886d58e1.82100749

This line is md5'd.

As you can see, this code is 100% useless. The original password is converted to 0 and lost forever, so all you do is hash random numbers, which is pointless. Now that you have your hash, there is no way to check it again. Since the password is converted, what the user enters does not matter.

So no, this code is not protected, do not use it.

Personally, I use the phpass library . It is safe and easy to use.

+6
source

No, this is not a safe way. It is hacked and, in your example, does not repeat. You will need to store a random value using the hash itself. If th DB is compromised, then it becomes extremely easy to overdo the hash.

You should know that MD5 and SHA1 are the two weakest hashing algorithms that are available in PHP.

It is much better to use crypt() , with CRYPT_BLOWFISH or PBKDF2 .

Update

Also, as PeeHaa mentioned, it does not work. mt_rand('password', 15) will call Warning: mt_rand() expects parameter 1 to be long, string given on line X

+11
source

To be honest, I would not even use md5 as a hash algorithm for storing passwords. I would look at using something like bcrypt. In addition, I don’t even understand how your example will work, but in any case, if you want to protect it, stay away from md5, sha1 at least and learn from other mistakes and use salt.

+2
source

Source: https://habr.com/ru/post/920062/

More articles:


All Articles