+ 3

Is it a good idea to store passwords in a database using md5? What are the different methods to secure my database?

20th Jan 2017, 6:57 PM
Bhargav Mehta
3 Answers
+ 2
You can use md5, sha1, sha256 and sha512. These are the encryptions that I use.
20th Jan 2017, 8:02 PM
Max_N
+ 2
Storing hashed passwords in databases is a security practice; that way, even if the database gets compromised, the adversary wouldn't get plaintext passwords. Not saying that hashed passwords are the best solution, but it does add one layer of security. So even if the adversary gets hands on the hashed passwords, he/she will have to crack them, meaning reverse the hash into plaintext (we don't exactly reverse the hash because hash functions are irreversible; instead we crack it).

Cryptographic hash functions (md4, md5, sha1, sha224, sha256, sha384, sha512, ripemd... these are just the popular ones) are one-way functions, meaning they are irreversible. Well, they aren't actually irreversible, but what we mean is that computing the reverse of a hash is computationally infeasible. That is, given 'x', computing H(x) should be fairly simple and fast, but given H(x), computing the value of 'x' should be hard and time consuming (like, say, days or months or years).

Also, hash functions are or should be collision resistant, meaning no two inputs can generate the same output. That is, given two inputs, 'x' and 'y', H(x) cannot be equal to H(y).

Summing up, the 2 main properties of hash functions are:
1) They are irreversible
2) They are collision resistant

One more thing to speak of is cryptographic salts. They add complexity to your password. They're just random characters you could prepend/append to the plaintext before passing it to the hash function. This way, even if two people had the same password, their hashes will not be the same.

As for which one to use, I would recommend using SHA256.
21st Jan 2017, 9:11 AM
Arun Manoharan
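The salting described in the answer above, as an added example that is not part of the original post: each account gets its own random salt, so two users with the same password store different digests, while the unsalted version exposes the match to anyone who reads the table. The salted form here uses PBKDF2-HMAC-SHA256 from Python's standard library; that choice, the iteration count and the sample accounts are assumptions of this example.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 200_000  # assumed work factor for this example; tune for your hardware

def unsalted_sha256(password: str) -> str:
    """Bare SHA-256 with no salt: equal passwords always give equal digests."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def make_record(password: str) -> dict:
    """Build the row to store: random per-user salt, work factor, derived digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "digest": digest.hex()}

def verify(password: str, record: dict) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"),
        bytes.fromhex(record["salt"]), record["iterations"],
    )
    return hmac.compare_digest(candidate, bytes.fromhex(record["digest"]))

def shared_digests(digest_by_user: dict) -> list:
    """Audit helper: groups of users whose stored digests are identical."""
    groups = defaultdict(list)
    for user, digest in digest_by_user.items():
        groups[digest].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

# Constructed sample accounts: alice and carol chose the same password.
SAMPLE = {"alice": "correct horse", "bob": "battery staple", "carol": "correct horse"}

def audit_sample():
    """Return (duplicates without salt, duplicates with per-user salt)."""
    unsalted = {u: unsalted_sha256(p) for u, p in SAMPLE.items()}
    salted = {u: make_record(p)["digest"] for u, p in SAMPLE.items()}
    return shared_digests(unsalted), shared_digests(salted)

if __name__ == "__main__":
    print(audit_sample())
```

Running `shared_digests` over the digest column of an existing table is a quick check for missing or reused salts: any group it returns means those accounts can be linked by password.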
0
In PHP, I recommend using password_hash() and password_verify() functions which provide safe hashing algorithms out of the box.
21st Jan 2017, 9:03 PM
Tom Navrátil